First Last Prev Next    This bug is not in your last search results.
Bug 421 - PAM usage is broken
PAM usage is broken
Status: RESOLVED FIXED
Product: Sudo
Classification: Unclassified
Component: Sudo
1.7.2
PC Linux
: low normal
Assigned To: Todd C. Miller
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2010-07-21 09:40 MDT by Lennart Poettering
Modified: 2010-08-02 15:00 MDT (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lennart Poettering 2010-07-21 09:40:40 MDT 
sudo uses PAM incorrectly: it calls pam_open_session() immediately followed by pam_close_session() and only then exec()s the actual process. 

pam_close_session() must be closed after the process terminates again, not before. This issue confused a number of PAM modules quite a bit.

login(1) does that correctly. After calling pam_open_session() it forks, and then in the parent process waits for the child to terminate and then calls pam_close_session(). 

http://git.kernel.org/?p=utils/util-linux-ng/util-linux-ng.git;a=blob;f=login-utils/login.c;h=1550388c4574207857ae6843041eeff3cba52d39;hb=HEAD#l1166

sudo must follow the same scheme.
Comment 1 Todd C. Miller 2010-07-21 10:19:14 MDT 
This will be fixed in sudo 1.7.4.
Comment 2 Todd C. Miller 2010-08-02 15:00:30 MDT 
Closing, sudo 1.7.4 is out now.
First Last Prev Next    This bug is not in your last search results.