Ubuntu
libpam-mount package

libpam-mount doesn't pass options to mount.fuse correctly

Bug #662813 reported by Joe Pfeiffer
12
This bug affects 2 people
Affects Status Importance Assigned to Milestone
libpam-mount (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: libpam-mount

libpam-mount combines the -o options flag and the options specified in /etc/security/pam_mount.conf.xml as a single command-line argument, e.g.

Oct 18 10:47:04 valiant sshd[15676]: pam_mount(mount.c:196): Mount info: globalconf, user=pfeiffer <volume fstype="fuse" server="(null)" path="encfs#/home.enc/pfeiffer" mountpoint="/home/pfeiffer" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="nonempty,allow_other" /> fstab=0
Oct 18 10:47:04 valiant sshd[15676]: command: 'mount.fuse' 'encfs#/home.enc/pfeiffer' '/home/pfeiffer' '-ononempty,allow_\other'
Oct 18 10:47:04 valiant sshd[15678]: pam_mount(spawn.c:108): setting uid to user pfeiffer
Oct 18 10:47:04 valiant sshd[15678]: pam_mount(misc.c:38): set_myuid<post>: (uid=1000, euid=1000, gid=100, egid=100)
Oct 18 10:47:04 valiant sshd[15676]: pam_mount(mount.c:64): Errors from underlying mount program:
Oct 18 10:47:04 valiant sshd[15676]: pam_mount(mount.c:68): EncFS Password:
Oct 18 10:47:04 valiant sshd[15676]: pam_mount(mount.c:68): fuse: mountpoint is not empty
Oct 18 10:47:04 valiant sshd[15676]: pam_mount(mount.c:68): fuse: if you are sure this is safe, use the 'nonempty' mount option
Oct 18 10:47:04 valiant sshd[15676]: pam_mount(mount.c:68): fuse failed. Common problems:

The attached patch separates the -o and the options into two command-line arguments:

   Oct 18 10:52:57 valiant gdm-session-worker[1820]: pam_mount(mount.c:196): Mount info: globalconf, user=pfeiffer <volume fstype="fuse" server="(null)" path="encfs#/home.enc/pfeiffer" mountpoint="/home/pfeiffer" cipher="(null)" fskeypath="(null)" fskeycipher="(null)" fskeyhash="(null)" options="nonempty,allow_other" /> fstab=0
Oct 18 10:52:57 valiant gdm-session-worker[1820]: command: 'mount.fuse' 'encfs#/home.enc/pfeiffer' '/home/pfeiffer' '-o' 'nonempty,allow_other'
Oct 18 10:52:57 valiant gdm-session-worker[17148]: pam_mount(spawn.c:108): setting uid to user pfeiffer
Oct 18 10:52:57 valiant gdm-session-worker[17148]: pam_mount(misc.c:38): set_myuid<post>: (uid=1000, euid=1000, gid=100, \
egid=100)
Oct 18 10:52:57 valiant gdm-session-worker[1820]: pam_mount(mount.c:64): Errors from underlying mount program:
Oct 18 10:52:57 valiant gdm-session-worker[1820]: pam_mount(mount.c:68): EncFS Password:

(note that the 'error' referred to in the second log file excerpt is not an error, and the mount does in fact succeed in this case)

This could, of course, equally well have been fixed by making mount.fuse's command-line parsing more robust.

ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: libpam-mount 2.3-1 [modified: lib/security/pam_mount.so sbin/mount.crypt]
ProcVersionSignature: Ubuntu 2.6.35-22.34-generic 2.6.35.4
Uname: Linux 2.6.35-22-generic i686
Architecture: i386
Date: Mon Oct 18 11:00:19 2010
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: libpam-mount

Revision history for this message
Joe Pfeiffer (joseph-pfeifferfamily) wrote :
Brian Murray (brian-murray)
tags: added: patch
Revision history for this message
Jan Engelhardt (jengelh) wrote :

This should not be needed, as fuse, since version 2.4.0, uses getopt_long and thus should be able to understand squashed options.

Revision history for this message
Joe Pfeiffer (joseph-pfeifferfamily) wrote :

As of version 2.8.4, mount.fuse still does its own argument parsing. Lines 141-146 of mount.fuse.c read:

  } else if (strcmp(argv[i], "-o") == 0) {
   char *opts;
   char *opt;
   i++;
   if (i == argc)
    break;

It doesn't handle squashed options.

Anders (eddiedog988)
Changed in libpam-mount (Ubuntu):
status: New → Confirmed
Jochen Sprickerhof (v-launchpad-jochen-sprickerhof-de)
Changed in libpam-mount (Ubuntu):
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.