Package: sudo
Version: 1.8.3p2-1
Severity: normal

I encountered this while investigating #660739.

If authentication succeeds but authorization fails (in other words, when the password is correct, but sudoers then does not allow the user to run that command), sudo never calls pam_end. The cleanup function doesn't call pam_end when authentication succeeds, with a comment that it has to wait until pam_close_session, but then the session code is never called when there's an authorization failure. There needs to be another case somewhere that tracks the fact that a PAM handle has been allocated and cleans it up on authorization failure.

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 3.1.0-1-686-pae (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sudo depends on:
ii  libc6           2.13-27
ii  libpam-modules  1.1.3-7
ii  libpam0g        1.1.3-7
ii  libselinux1     2.1.9-2

sudo recommends no packages.

sudo suggests no packages.

-- no debconf information
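
A small model of the control flow this report describes, added here as an illustration; it is not sudo's code and not part of the original report. The `stub_*` functions, `run_reported`, `run_tracked` and `release` are hypothetical names standing in for the PAM calls and sudo's logic, and they only count live handles so the leak is visible without linking against libpam.

```c
#include <stdbool.h>
#include <stdio.h>

/* Stand-ins for pam_start/pam_end and the session calls (constructed for
 * this example): they only count live handles so a leak is observable. */
typedef struct { bool session_open; } handle_t;
static handle_t slot;
static int live_handles = 0;

static handle_t *stub_start(void) { live_handles++; slot.session_open = false; return &slot; }
static void stub_end(handle_t *h) { h->session_open = false; live_handles--; }
static void stub_open_session(handle_t *h) { h->session_open = true; }
static void stub_close_session(handle_t *h) { h->session_open = false; }

/* Flow described in the report: the auth cleanup skips the end call on
 * success and leaves it to the session code, which a denial never reaches. */
int run_reported(bool auth_ok, bool authorized) {
    int before = live_handles;
    handle_t *h = stub_start();
    if (!auth_ok) { stub_end(h); return live_handles - before; }
    if (!authorized) return live_handles - before;   /* handle leaked here */
    stub_open_session(h);                            /* command would run here */
    stub_close_session(h);
    stub_end(h);
    return live_handles - before;
}

/* Idempotent release: safe to call on every exit path. */
static void release(handle_t **hp) {
    if (*hp == NULL) return;
    if ((*hp)->session_open) stub_close_session(*hp);
    stub_end(*hp);
    *hp = NULL;
}

/* Same flow with the allocated handle tracked and released on all paths. */
int run_tracked(bool auth_ok, bool authorized) {
    int before = live_handles;
    handle_t *h = stub_start();
    if (auth_ok && authorized) stub_open_session(h);  /* command would run here */
    release(&h);
    return live_handles - before;
}

int main(void) {
    printf("reported flow, denied after auth: %d leaked\n", run_reported(true, false));
    printf("tracked flow,  denied after auth: %d leaked\n", run_tracked(true, false));
    return 0;
}
```

Each function returns the number of handles still allocated after the run, so the authenticated-but-denied path is the only one where the two flows differ.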