GDM blocks SIGUSR1 used in PAM scripts

Bug #1782152 reported by Dariusz Gadomski on 2018-07-17
This bug affects 2 people
Affects: gdm3 (Debian). Status: Fix Released. Importance: Unknown.
Affects: gdm3 (Ubuntu). Status tracked in Cosmic.
  Xenial. Importance: Medium. Assigned to: Dariusz Gadomski.
  Bionic. Importance: Medium. Assigned to: Dariusz Gadomski.
  Cosmic. Importance: Medium. Assigned to: Dariusz Gadomski.

Bug Description

https://gitlab.gnome.org/GNOME/gdm/issues/399

[Impact]
GDM blocks SIGUSR1 for its processes, since this is used in communication with X. This signal is later unblocked, however it happens after PAM interaction, so if PAM depends on this signal in any way it will get blocked.
The issue has been fixed upstream.

[Test Case]
1. Prepare a setup described in Other Info using the attached scripts.
2. Log in.
3. Check logs /tmp/auth.log.

Expected result: SIGUSR1 has been received.
Actual result: SIGUSR1 never reaches the process.

[Regression Potential]
If there were components depending on SIGUSR1 their behavior may change - features that were inactive before may be triggered.

[Other Info]

 Original bug description:

In case of the following scenario:
1. PAM configured to run auth and session with pam_exec scripts synchronizing via SIGUSR1
2. Using GDM as the login manager causes SIGUSR1 to never reach the target scripts.

Workaround:
a) Use SIGUSR2 in the scripts.
b) Comment out block_sigusr1() call in daemon/main.c.

To reproduce add the following entries:
/etc/pam.d/common-auth:
auth optional pam_exec.so log=/tmp/auth.log expose_authtok quiet /usr/local/bin/auth.py

/etc/pam.d/common-session:
session optional pam_exec.so log=/tmp/session.log /usr/local/bin/session.py

Attaching example scripts.
When using SIGUSR1 - sigusr1_handler is never called, with SIGUSR2 it is called without issues.
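
The mechanism behind the report, as an added example (not the attached reproducer scripts and not GDM code): a blocked-signal mask survives fork and exec, so a script launched by a process that blocked SIGUSR1 keeps the signal pending and its handler never runs. The `CHILD` stand-in script and `run_child` helper are constructed for illustration; unblocking inside the script is an extra defensive step, not one of the workarounds listed in the report.

```python
import signal
import subprocess
import sys

# Stand-in for a pam_exec script (constructed for this example): installs a
# SIGUSR1 handler, optionally unblocks the signal, then signals itself.
CHILD = r"""
import os, signal, sys
got = []
signal.signal(signal.SIGUSR1, lambda signum, frame: got.append(signum))
if sys.argv[1] == "unblock":
    signal.pthread_sigmask(signal.SIG_UNBLOCK, {signal.SIGUSR1})
os.kill(os.getpid(), signal.SIGUSR1)
blocked = signal.SIGUSR1 in signal.pthread_sigmask(signal.SIG_BLOCK, set())
pending = signal.SIGUSR1 in signal.sigpending()
print(int(bool(got)), int(blocked), int(pending))
"""


def run_child(parent_blocks, child_mode):
    """Spawn the stand-in script and report what it observed.

    parent_blocks: True mimics a launcher that blocked SIGUSR1 before exec.
    child_mode: "inherit" keeps the inherited mask, "unblock" clears SIGUSR1.
    """
    how = signal.SIG_BLOCK if parent_blocks else signal.SIG_UNBLOCK
    old_mask = signal.pthread_sigmask(how, {signal.SIGUSR1})
    try:
        out = subprocess.run(
            [sys.executable, "-c", CHILD, child_mode],
            capture_output=True, text=True, check=True,
        ).stdout
    finally:
        # Restore the caller's original mask whatever happened.
        signal.pthread_sigmask(signal.SIG_SETMASK, old_mask)
    received, blocked, pending = (bool(int(v)) for v in out.split())
    return {"received": received, "blocked": blocked, "pending": pending}


if __name__ == "__main__":
    for blocks, mode in [(True, "inherit"), (True, "unblock"), (False, "inherit")]:
        print(blocks, mode, run_child(blocks, mode))
```

On Linux the inherited mask of a running script can also be read from the `SigBlk` field of `/proc/<pid>/status`.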


description: updated
Dariusz Gadomski (dgadomski) wrote :

Adding scripts for reproducer.

description: updated
summary: - GDM block SIGUSR1 used in PAM scripts
+ GDM blocks SIGUSR1 used in PAM scripts
Daniel van Vugt (vanvugt) wrote :

Please run:

  apport-collect 1782152

to send us more information about the system.

Changed in gdm (Ubuntu):
status: New → Incomplete
Dariusz Gadomski (dgadomski) wrote :

apport-collect 1782152 replies with "No additional information collected" message.

But this issue is reproducible with any clean bionic desktop install (since GDM needs to be the login manager).

It is NOT reproducible if I switch back to lightDM.

tags: added: bionic
Changed in gdm (Ubuntu):
status: Incomplete → New
affects: gdm (Ubuntu) → gdm3 (Ubuntu)
Daniel van Vugt (vanvugt) wrote :

It does appear SIGUSR1 is special:
  https://gitlab.gnome.org/GNOME/gdm/blob/master/daemon/gdm-server.c
  https://gitlab.gnome.org/GNOME/gdm/blob/master/daemon/main.c

Next, please report the problem to the Gnome developers here:
  https://gitlab.gnome.org/GNOME/gdm/issues
and then tell us the new bug ID.

Changed in gdm3 (Ubuntu):
status: New → Incomplete
Dariusz Gadomski (dgadomski) wrote :

Upstream bug: https://gitlab.gnome.org/GNOME/gdm/issues/399
(not adding via "also affects projects" since LP does not parse gitlab bugtracker yet).

Dariusz Gadomski (dgadomski) wrote :

Updated scripts for the reproducer.

Dariusz Gadomski (dgadomski) wrote :
Daniel van Vugt (vanvugt) wrote :

Upstream have proposed a fix:
https://gitlab.gnome.org/GNOME/gdm/merge_requests/20

Please test it when you can.

Changed in gdm3 (Ubuntu):
status: Incomplete → New
description: updated
Changed in gdm3 (Ubuntu):
status: New → Confirmed
Dariusz Gadomski (dgadomski) wrote :

I confirm - the issue is gone after testing a build with the upstream patch applied.

Dariusz Gadomski (dgadomski) wrote :

Patch for Cosmic.

Dariusz Gadomski (dgadomski) wrote :

SRU proposal for Bionic.

description: updated
description: updated
Dariusz Gadomski (dgadomski) wrote :

SRU proposal for Xenial.

Changed in gdm3 (Ubuntu):
assignee: nobody → Dariusz Gadomski (dgadomski)
status: Confirmed → In Progress
importance: Undecided → Medium
Eric Desrochers (slashd) wrote :

Hi Dariusz,

Before I sponsor the patch in Ubuntu, did you submit (or at least forward) the patch to gdm3 in Debian?

I couldn't find a debian bug about it.

If one exists, great, but if none, could you please file one against gdm3 (Debian).
This will prevent the gdm Ubuntu package from re-introducing the same problem in a later release sync (Debian->Ubuntu).

Once done, I'll gladly sponsor in Cosmic.

- Eric

Daniel van Vugt (vanvugt) wrote :

Is that really necessary when the fix is already upstream?

Dariusz Gadomski (dgadomski) wrote :

Although I originally shared Daniel's doubt, I reported it to Debian and shared the patch (bug linked above).

Changed in gdm3 (Debian):
status: Unknown → New
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package gdm3 - 3.28.2-3ubuntu4

---------------
gdm3 (3.28.2-3ubuntu4) cosmic; urgency=medium

  * ubuntu_nvidia_prime.patch:
    - Run scripts for Prime before and after Gdm sessions (LP: #1778011).

 -- Alberto Milone <email address hidden> Mon, 30 Jul 2018 18:31:17 +0200

Changed in gdm3 (Ubuntu Cosmic):
status: In Progress → Fix Released
Daniel van Vugt (vanvugt) wrote :

Did Alberto release the fix there and just forget to document it?

Daniel van Vugt (vanvugt) wrote :

Yes. The fix for this bug is in 3.28.2-3ubuntu4

Changed in gdm3 (Debian):
status: New → Fix Released
Eric Desrochers (slashd) on 2018-08-14
Changed in gdm3 (Ubuntu Bionic):
status: New → In Progress
importance: Undecided → Medium
assignee: nobody → Dariusz Gadomski (dgadomski)
Sebastien Bacher (seb128) wrote :

Dariusz, do we want that one in Xenial as well? If so do you plan to work on that? (assigning to you, feel free to unassign/comment/change as appropriate)

Changed in gdm3 (Ubuntu Xenial):
assignee: nobody → Dariusz Gadomski (dgadomski)
Dariusz Gadomski (dgadomski) wrote :

Seb, Xenial is also affected (as long as the user switches to gdm) and this patch fixes it, so it's worth having it.

I already talked to Eric (slashd) about it - he's going to drive it forward.

Eric Desrochers (slashd) on 2018-08-17
Changed in gdm3 (Ubuntu Xenial):
status: New → In Progress
importance: Undecided → Medium

Hello Dariusz, or anyone else affected,

Accepted gdm3 into bionic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gdm3/3.28.3-0ubuntu18.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-bionic to verification-done-bionic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-bionic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gdm3 (Ubuntu Bionic):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-bionic
Łukasz Zemczak (sil2100) wrote :

Hello Dariusz, or anyone else affected,

Accepted gdm3 into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/gdm3/3.18.3-0ubuntu2.2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-xenial to verification-done-xenial. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-xenial. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in gdm3 (Ubuntu Xenial):
status: In Progress → Fix Committed
tags: added: verification-needed-xenial
Dariusz Gadomski (dgadomski) wrote :

Verified on bionic with 3.28.3-0ubuntu18.04.1.

tags: added: verification-done-bionic
removed: verification-needed-bionic
Dariusz Gadomski (dgadomski) wrote :

Verified on xenial with 3.18.3-0ubuntu2.2.

tags: added: verification-done verification-done-xenial
removed: verification-needed verification-needed-xenial