missing pam_loginuid.so breaks getlogin()

Bug #1067779 reported by Konstantin Lepikhov on 2012-10-17
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
at (Debian)
Fix Released
Unknown
at (Ubuntu)
High
Unassigned
cron (Debian)
Fix Released
Unknown
cron (Ubuntu)
High
Unassigned
openssh (Debian)
Fix Released
Unknown
openssh (Ubuntu)
High
Unassigned
shadow (Debian)
Fix Released
Unknown
shadow (Ubuntu)
High
Unassigned

Bug Description

getlogin() call in new glibc checks /proc/self/loginuid presence and trust its value as most safe source (due it's audit-related nature). But default /etc/pam.d/common-account doesn't contains entry to pam_loginuid.so which modify /proc/self/loginuid properly. This breaks getlogin() at many scenarios like this:

(pam session without pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
root
(pam session without pam_loginuid)$ id
uid=1000(...

just because /proc/self/loginuid contains '0' value

If I add pam_loginuid.so to /etc/pam.d/common-account like http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html recommend, everything worked as expected:

(pam session with pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
user
(pam session with pam_loginuid)$ id
uid=1000(...

# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"

# dpkg -l|fgrep libpam
ii libpam-ck-connector 0.4.5-2 ConsoleKit PAM module
ii libpam-modules 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-runtime 1.1.3-7ubuntu2 Runtime support for the PAM library
ii libpam0g 1.1.3-7ubuntu2 Pluggable Authentication Modules library

Related branches

description: updated
Konstantin Lepikhov (lakostis) wrote :

More to go:

Currently, /etc/pam.d/common-account (to be more correct, /etc/pam.d/common-session) doesn't differ sessions like ordinary (login,sshd,crond etc) and special (su and sudo). So my proposal incorrect - better add pam_loginuid to ordinary sessions and leave special sessions untouched.

Steve Langasek (vorlon) wrote :

> So my proposal incorrect - better add pam_loginuid to ordinary
> sessions and leave special sessions untouched.

Yep. This makes it non-trivial to do centrally; needs to be addressed in the individual services unfortunately.

affects: pam (Ubuntu) → openssh (Ubuntu)
Konstantin Lepikhov (lakostis) wrote :

Maybe split system-auth and login procedures? That makes possible to make login-common (with additions like pam_loginuid) for login-like session using system-auth and other sessions using only system-auth.

Serge Hallyn (serge-hallyn) wrote :

So should this actually be tasked to the libpam-runtime package (which owns /etc/pam.d/common-auth) rather than cron, openssh and shadow?

Changed in cron (Ubuntu):
importance: Undecided → High
Changed in openssh (Ubuntu):
importance: Undecided → High
Changed in shadow (Ubuntu):
importance: Undecided → High
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in cron (Ubuntu):
status: New → Confirmed
Changed in openssh (Ubuntu):
status: New → Confirmed
Changed in shadow (Ubuntu):
status: New → Confirmed
Changed in openssh (Debian):
status: Unknown → Fix Released
Changed in shadow (Debian):
status: Unknown → New
Changed in at (Debian):
status: Unknown → New
Changed in cron (Debian):
status: Unknown → New
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:6.2p2-3

---------------
openssh (1:6.2p2-3) unstable; urgency=low

  * If the running init daemon is Upstart, then, on the first upgrade to
    this version, check whether sysvinit is still managing sshd; if so,
    manually stop it so that it can be restarted under upstart. We do this
    near the end of the postinst, so it shouldn't result in any appreciable
    extra window where sshd is not running during upgrade.

 -- Colin Watson <email address hidden> Wed, 22 May 2013 17:42:10 +0100

Changed in openssh (Ubuntu):
status: Confirmed → Fix Released
Changed in shadow (Debian):
status: New → Fix Committed
Changed in at (Debian):
status: New → Fix Committed
Changed in at (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Serge Hallyn (serge-hallyn) wrote :

I see the fix in at's git tree at

http://anonscm.debian.org/gitweb/?p=collab-maint/at.git;a=commitdiff;h=23def4839244a4937e60c4bfa27c97147f41cf3a

Marking fix committed. The fix will come in through a merge after this is released in debian.

Changed in at (Ubuntu):
status: Confirmed → Fix Committed
Changed in shadow (Debian):
status: Fix Committed → Fix Released
Changed in cron (Debian):
status: New → Fix Committed
Changed in cron (Debian):
status: Fix Committed → Fix Released
Changed in at (Debian):
status: Fix Committed → Fix Released
Christian Kastner (ckk) wrote :

3.0pl1-124.1ubuntu1 contains a fix for this.

Changed in cron (Ubuntu):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (6.7 KiB)

This bug was fixed in the package shadow - 1:4.2-3.1ubuntu1

---------------
shadow (1:4.2-3.1ubuntu1) xenial; urgency=low

  * Merge from Debian unstable.
    - Includes pam_loginuid in login PAM config. LP: #1067779.
    - Fixes typo in usermod -h output. LP: #1348873.
  * Remaining changes:
    - debian/passwd.upstart: Add an upstart job to clear locks on
      [shadow-]passwd/group.
    - debian/login.defs:
      + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG
        handling does not only apply to "former (pre-PAM) uses".
      + Update documentation of UMASK: Explain that USERGROUPS_ENAB
        will modify this default for UPGs.
    - debian/{source_shadow.py,rules}: Add apport hook
    - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running
      /etc/update-motd.d/* scripts twice.
    - debian/patches/1010_extrausers.patch: Add support to passwd for
      libnss-extrausers
    - debian/patches/1011_extrausers_toggle.patch: extrausers support for
      useradd and groupadd
    - debian/patches/userns/subuids-nonlocal-users: Don't limit
      subuid/subgid support to local users.
  * Dropped changes, included in Debian:
    - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on.
    - Add uidmap package based on upstream patches that introduce
      newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional
      updates on those to widen the default allocation to 65536 uids and gids
      and only assign ranges to non-system users.
    - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all
      error cases.
  * Dropped changes, included upstream:
    - debian/patches/495_stdout-encrypted-password: chpasswd can report
      password hashes on stdout.
    - debian/patches/496_su_kill_process_group: Kill the child process group,
      rather than just the immediate child.
  * Fix pam_motd calls so that the second pam_motd is the noupdate one rather
    than the first, ensuring /run/motd.dynamic is always populated and shown
    on the first login after boot. LP: #1368864.
  * Don't call 'pam_exec uname', a change adopted in Debian without
    coordination with the Debian PAM maintainer
  * Use dh_installinit now for installing the upstart job, as we no longer
    generate a dependency on upstart-job.
  * Include /etc/sub[ug]id in the list of files to clear locks for on boot.
    LP: #1304505
  * Add a systemd unit to go with the upstart job, so that lock clearing works
    on newer Ubuntu releases.

shadow (1:4.2-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix error handling in busy user detection. (Closes: #778287)

shadow (1:4.2-3) unstable; urgency=low

  * Enforce hardened builds to workaround cdbs sometimes not building
    with hardening flags as in 1:4.2-2+b1
    Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich
    For providing a working patch.

shadow (1:4.2-2) unstable; urgency=low

  * The "Soumaintrain" release
  * The "Rigotte de Condrieu" release was 4.2-1
  * Upload to unstable
  * Last upload integrates the use of dh_autoreconf which has the same
    effect then Eric Dorland's patch in 1:4.1.5.1-1.1 ...

Read more...

Changed in shadow (Ubuntu):
status: Confirmed → Fix Released
dino99 (9d9) wrote :

cron (3.0pl1-124.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Add pam_loginuid module to the PAM session stack (Closes: #677443)
  * Add systemd service file. Thanks to Michael Stapelberg (Closes: #652440)

 -- Laurent Bigonville <email address hidden> Sun, 25 May 2014 21:21:19 +0200

Changed in cron (Ubuntu):
status: Fix Committed → Fix Released
dino99 (9d9) wrote :

at (3.1.15-1) unstable; urgency=medium

  * New upstream release:
    + pam.conf: require pam_loginuid.so (Closes: #677442)
  * Bumped Standards-Version to 3.9.5 (no changes).

 -- Ansgar Burchardt <email address hidden> Sun, 10 Aug 2014 14:03:16 +0200

Changed in at (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.