[Bug 952185] Re: ~/.pam_environment not parsed when HOME is encrypted

2013-02-12 Thread Gunnar Hjalmarsson
On 2013-02-12 05:08, Steve Langasek wrote:
> - As of the next upload of pam to raring, .pam_environment will not
> be read by default at all by the pam_env module.

Currently that would break the locale environment for everyone, so
please put that upload on hold.

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/952185

Title:
  ~/.pam_environment not parsed when HOME is encrypted

To manage notifications about this bug go to:
https://bugs.launchpad.net/lightdm/+bug/952185/+subscriptions

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs


[Bug 952185] Re: ~/.pam_environment not parsed when HOME is encrypted

2013-02-12 Thread Launchpad Bug Tracker
** Branch linked: lp:~gunnarhj/lightdm/pam_env

Title:
  ~/.pam_environment not parsed by default



Re: [Bug 952185] Re: ~/.pam_environment not parsed when HOME is encrypted

2013-02-12 Thread Steve Langasek
On Tue, Feb 12, 2013 at 04:21:14PM -, Gunnar Hjalmarsson wrote:
> On 2013-02-12 05:08, Steve Langasek wrote:
>> - As of the next upload of pam to raring, .pam_environment will not
>> be read by default at all by the pam_env module.
>
> Currently that would break the locale environment for everyone, so
> please put that upload on hold.

It was already uploaded.  But I'm following it up with an upload of lightdm
as well (sorry, already had a branch in progress before your merge proposal
came in - just needed to log out to test it, which I've now done).



[Bug 952185] Re: ~/.pam_environment not parsed when HOME is encrypted

2013-02-11 Thread Steve Langasek
Having reviewed the proposed pam change at
https://code.launchpad.net/~gunnarhj/ubuntu/raring/pam/encrypted-home/+merge/135021,
I believe it's incorrect and that this needs to be
fixed in lightdm instead.  Repeating my comment from the merge proposal:

 - This is a change in behavior of common-session for all PAM services.  
Previously, pam_env is not mentioned in the common-* files at all, only in 
select service files that wish to use the module.  Maybe this should be a 
common module, but I think that's separate from the question of whether the 
existing services have a correct stack, and this should not be the solution for 
the reported bug.
 - The services that are having this problem are ones that don't have pam_env 
in their session stack /at all/ - they're calling pam_env as an 'auth' module.  
This is allowed by the module, but should be considered deprecated.  
Furthermore, the module's own manpage says "Since setting of PAM environment 
variables can have side effects to other modules, this module should be the 
last one on the stack."  So the services currently including pam_env appear to 
be misusing it; they should be fixed directly.
 - As of the next upload of pam to raring, .pam_environment will not be read by 
default at all by the pam_env module.  This change is being made in response to 
CVE-2010-4708, a low-priority security bug that can cause unexpected side 
effects on other modules later in the stack.  Explicitly putting pam_env last 
in the session stack and using user_readenv=1 should be safe; but that would 
need to be done in the per-service configs to ensure that it's actually last.

So I don't think this should be implemented in its current form and
think that this needs to be fixed in the per-service files instead.


** CVE added: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-4708

** Changed in: pam (Ubuntu)
   Status: In Progress => Invalid

** Changed in: pam (Ubuntu Precise)
   Status: Confirmed => Invalid

** Also affects: openssh (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: at (Ubuntu)
   Importance: Undecided
   Status: New

** Also affects: sudo (Ubuntu)
   Importance: Undecided
   Status: New

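An added example, not part of the original thread or of any Ubuntu package: a small auditor for the two misuses the message above describes (pam_env called as an 'auth' module, and user_readenv=1 on a pam_env line that is not last in the session stack), run on constructed service files. Counting any later @include as a later stack entry is a conservative assumption of this sketch.

```python
import re

# Constructed sample service files (not copied from a real /etc/pam.d).
SAMPLES = {
    "legacy-auth": """\
auth     required  pam_env.so readenv=1 user_readenv=1
@include common-auth
""",
    "not-last": """\
session  required  pam_env.so user_readenv=1
session  optional  pam_limits.so   # runs after pam_env
""",
    "ok": """\
@include common-session
session  required  pam_env.so readenv=1 \\
                   user_readenv=1
""",
}
AUTH_USE = "pam_env is called as an 'auth' module"
NOT_LAST = "user_readenv=1 is set but pam_env is not the last session entry"
ENTRY = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")  # type control module args

def parse_stack(text):
    """Return (type, module, args) per entry; '@include X' gives ('include', X, [])."""
    entries = []
    for raw in text.replace("\\\n", " ").splitlines():  # join continuation lines
        line = raw.split("#", 1)[0].strip()              # drop comments
        if line.startswith("@include"):
            entries.append(("include", line.split()[-1], []))
        elif m := ENTRY.match(line):
            module = m.group(3).rsplit("/", 1)[-1]       # accept absolute paths
            entries.append((m.group(1), module, m.group(4).split()))
    return entries

def audit(text):
    """List the findings for every pam_env line in one service file."""
    findings, entries = [], parse_stack(text)
    for i, (typ, module, args) in enumerate(entries):
        if module != "pam_env.so":
            continue
        if typ == "auth":
            findings.append(AUTH_USE)
        # Assumption: any later @include may add entries, so it counts as "later".
        later = [e for e in entries[i + 1:] if e[0] in ("session", "include")]
        if "user_readenv=1" in args and (typ != "session" or later):
            findings.append(NOT_LAST)
    return findings

if __name__ == "__main__":
    print({name: audit(text) for name, text in SAMPLES.items()})
```
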


[Bug 952185] Re: ~/.pam_environment not parsed when HOME is encrypted

2013-02-11 Thread Steve Langasek
This problem also affects /etc/pam.d/atd, /etc/pam.d/sshd, and
/etc/pam.d/sudo in raring.



[Bug 952185] Re: ~/.pam_environment not parsed when HOME is encrypted

2013-02-11 Thread Robie Basak
** Changed in: openssh (Ubuntu)
   Status: New => Triaged

** Changed in: openssh (Ubuntu Precise)
   Status: New => Triaged
