2012-10-17 15:38:09 |
Konstantin Lepikhov |
bug |
|
|
added bug |
2012-10-18 08:29:26 |
Konstantin Lepikhov |
description |
getlogin() call in new glibc checks /proc/self/loginuid presence and trust its value as most safe source (due it's audit-related nature). But default /etc/pam.d/common-account doesn't contains entry to pam_loginuid.so which modify /proc/self/loginuid properly. This breaks getlogin() at many scenarios like this:
(pam session without pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
root
(pam session without pam_loginuid)$ id
uid=1000(...
lust because /proc/self/loginuid contains '0' value
If I add pam_loginuid.so to /etc/pam.d/common-account like http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html recommend, everything worked as expected:
(pam session with pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
user
(pam session with pam_loginuid)$ id
uid=1000(...
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"
# dpkg -l|fgrep libpam
ii libpam-ck-connector 0.4.5-2 ConsoleKit PAM module
ii libpam-modules 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-runtime 1.1.3-7ubuntu2 Runtime support for the PAM library
ii libpam0g 1.1.3-7ubuntu2 Pluggable Authentication Modules library |
getlogin() call in new glibc checks /proc/self/loginuid presence and trust its value as most safe source (due it's audit-related nature). But default /etc/pam.d/common-account doesn't contains entry to pam_loginuid.so which modify /proc/self/loginuid properly. This breaks getlogin() at many scenarios like this:
(pam session without pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
root
(pam session without pam_loginuid)$ id
uid=1000(...
just because /proc/self/loginuid contains '0' value
If I add pam_loginuid.so to /etc/pam.d/common-account like http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html recommend, everything worked as expected:
(pam session with pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";'
user
(pam session with pam_loginuid)$ id
uid=1000(...
# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=12.04
DISTRIB_CODENAME=precise
DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS"
# dpkg -l|fgrep libpam
ii libpam-ck-connector 0.4.5-2 ConsoleKit PAM module
ii libpam-modules 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM
ii libpam-modules-bin 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM - helper binaries
ii libpam-runtime 1.1.3-7ubuntu2 Runtime support for the PAM library
ii libpam0g 1.1.3-7ubuntu2 Pluggable Authentication Modules library |
|
2012-10-18 13:46:37 |
Steve Langasek |
affects |
pam (Ubuntu) |
openssh (Ubuntu) |
|
2012-10-18 13:46:49 |
Steve Langasek |
bug task added |
|
shadow (Ubuntu) |
|
2012-10-18 13:47:34 |
Steve Langasek |
bug task added |
|
cron (Ubuntu) |
|
2012-10-19 21:46:47 |
Serge Hallyn |
cron (Ubuntu): importance |
Undecided |
High |
|
2012-10-19 21:46:50 |
Serge Hallyn |
openssh (Ubuntu): importance |
Undecided |
High |
|
2012-10-19 21:46:54 |
Serge Hallyn |
shadow (Ubuntu): importance |
Undecided |
High |
|
2012-12-16 01:27:10 |
Launchpad Janitor |
cron (Ubuntu): status |
New |
Confirmed |
|
2012-12-16 01:27:10 |
Launchpad Janitor |
openssh (Ubuntu): status |
New |
Confirmed |
|
2012-12-16 01:27:10 |
Launchpad Janitor |
shadow (Ubuntu): status |
New |
Confirmed |
|
2013-05-22 11:25:41 |
Laurent Bigonville |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677440 |
|
2013-05-22 11:25:41 |
Laurent Bigonville |
bug task added |
|
openssh (Debian) |
|
2013-05-22 11:26:17 |
Laurent Bigonville |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677443 |
|
2013-05-22 11:26:17 |
Laurent Bigonville |
bug task added |
|
cron (Debian) |
|
2013-05-22 11:27:15 |
Laurent Bigonville |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677441 |
|
2013-05-22 11:27:15 |
Laurent Bigonville |
bug task added |
|
shadow (Debian) |
|
2013-05-22 11:29:01 |
Laurent Bigonville |
bug task added |
|
at (Ubuntu) |
|
2013-05-22 11:29:39 |
Laurent Bigonville |
bug watch added |
|
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=677442 |
|
2013-05-22 11:29:39 |
Laurent Bigonville |
bug task added |
|
at (Debian) |
|
2013-05-22 12:24:18 |
Bug Watch Updater |
openssh (Debian): status |
Unknown |
Fix Released |
|
2013-05-22 12:24:20 |
Bug Watch Updater |
shadow (Debian): status |
Unknown |
New |
|
2013-05-22 12:24:22 |
Bug Watch Updater |
at (Debian): status |
Unknown |
New |
|
2013-05-22 12:24:23 |
Bug Watch Updater |
cron (Debian): status |
Unknown |
New |
|
2013-05-23 06:54:21 |
Launchpad Janitor |
openssh (Ubuntu): status |
Confirmed |
Fix Released |
|
2013-08-05 16:31:20 |
Bug Watch Updater |
shadow (Debian): status |
New |
Fix Committed |
|
2013-09-09 09:47:20 |
Bug Watch Updater |
at (Debian): status |
New |
Fix Committed |
|
2013-10-01 12:01:05 |
Launchpad Janitor |
branch linked |
|
lp:~cjwatson/openssh/debian |
|
2013-11-28 02:13:07 |
Serge Hallyn |
at (Ubuntu): status |
New |
Confirmed |
|
2013-11-28 02:13:25 |
Serge Hallyn |
at (Ubuntu): importance |
Undecided |
High |
|
2013-11-28 02:20:55 |
Serge Hallyn |
at (Ubuntu): status |
Confirmed |
Fix Committed |
|
2014-04-24 00:34:19 |
Bug Watch Updater |
shadow (Debian): status |
Fix Committed |
Fix Released |
|
2014-05-27 01:22:04 |
Bug Watch Updater |
cron (Debian): status |
New |
Fix Committed |
|
2014-06-05 07:36:00 |
Bug Watch Updater |
cron (Debian): status |
Fix Committed |
Fix Released |
|
2014-08-10 13:22:16 |
Bug Watch Updater |
at (Debian): status |
Fix Committed |
Fix Released |
|
2014-10-20 11:37:37 |
Christian Kastner |
cron (Ubuntu): status |
Confirmed |
Fix Committed |
|
2016-02-03 10:00:36 |
Launchpad Janitor |
shadow (Ubuntu): status |
Confirmed |
Fix Released |
|
2016-02-03 10:18:24 |
dino99 |
cron (Ubuntu): status |
Fix Committed |
Fix Released |
|
2016-02-03 10:20:34 |
dino99 |
at (Ubuntu): status |
Fix Committed |
Fix Released |
|