Hi, this was originally reported on [EMAIL PROTECTED] [1] Someone noticed that after after running sudo their session disappeared when running `w` afterwards. I've done a little experimenting and this is caused when pam_lastlog.so is included in sudo's pam file. This results in the user still being logged in though according to the system logs the user has logged out. Here's an example:
[EMAIL PROTECTED] tom]$ w 12:50AM up 6 days, 12:30, 2 users, load averages: 0.24, 0.31, 0.30 USER TTY FROM LOGIN@ IDLE WHAT tom p0 bofh 12:50AM - w [EMAIL PROTECTED] tom]$ last tom ttyp0 bofh Mon Jul 23 00:50 still logged in ... [EMAIL PROTECTED] tom]$ sudo kill ... [EMAIL PROTECTED] tom]$ w 12:53AM up 6 days, 12:34, 1 user, load averages: 0.17, 0.22, 0.25 USER TTY FROM LOGIN@ IDLE WHAT [EMAIL PROTECTED] tom]$ last root ttyp0 Mon Jul 23 00:53 - 00:53 (00:00) tom ttyp0 bofh Mon Jul 23 00:50 - 00:53 (00:03) I can confirm this on -CURRENT and -STABLE. I tested on a CentOS 5.0 box and their pam_lastlog does not cause this with sudo so it appears to be an issue specific to ours. Can someone take a look into this? Also, is there any way sudo can work around this? Right now I've commented out the session line in the pam file that is installed by the port so most users will not be affected. Thanks. [1] http://lists.freebsd.org/pipermail/freebsd-ports/2007-July/042746.html tom -- | tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org | | FreeBSD http://www.FreeBSD.org | _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
