[Touch-packages] [Bug 1067779] Re: missing pam_loginuid.so breaks getlogin()
cron (3.0pl1-124.1) unstable; urgency=medium * Non-maintainer upload. * Add pam_loginuid module to the PAM session stack (Closes: #677443) * Add systemd service file. Thanks to Michael Stapelberg (Closes: #652440) -- Laurent BigonvilleSun, 25 May 2014 21:21:19 +0200 ** Changed in: cron (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1067779 Title: missing pam_loginuid.so breaks getlogin() Status in at package in Ubuntu: Fix Released Status in cron package in Ubuntu: Fix Released Status in openssh package in Ubuntu: Fix Released Status in shadow package in Ubuntu: Fix Released Status in at package in Debian: Fix Released Status in cron package in Debian: Fix Released Status in openssh package in Debian: Fix Released Status in shadow package in Debian: Fix Released Bug description: getlogin() call in new glibc checks /proc/self/loginuid presence and trust its value as most safe source (due it's audit-related nature). But default /etc/pam.d/common-account doesn't contains entry to pam_loginuid.so which modify /proc/self/loginuid properly. This breaks getlogin() at many scenarios like this: (pam session without pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";' root (pam session without pam_loginuid)$ id uid=1000(... just because /proc/self/loginuid contains '0' value If I add pam_loginuid.so to /etc/pam.d/common-account like http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html recommend, everything worked as expected: (pam session with pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";' user (pam session with pam_loginuid)$ id uid=1000(... # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS" # dpkg -l|fgrep libpam ii libpam-ck-connector 0.4.5-2 ConsoleKit PAM module ii libpam-modules 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM ii libpam-modules-bin 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM - helper binaries ii libpam-runtime 1.1.3-7ubuntu2 Runtime support for the PAM library ii libpam0g 1.1.3-7ubuntu2 Pluggable Authentication Modules library To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/at/+bug/1067779/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1067779] Re: missing pam_loginuid.so breaks getlogin()
at (3.1.15-1) unstable; urgency=medium * New upstream release: + pam.conf: require pam_loginuid.so (Closes: #677442) * Bumped Standards-Version to 3.9.5 (no changes). -- Ansgar BurchardtSun, 10 Aug 2014 14:03:16 +0200 ** Changed in: at (Ubuntu) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to shadow in Ubuntu. https://bugs.launchpad.net/bugs/1067779 Title: missing pam_loginuid.so breaks getlogin() Status in at package in Ubuntu: Fix Released Status in cron package in Ubuntu: Fix Released Status in openssh package in Ubuntu: Fix Released Status in shadow package in Ubuntu: Fix Released Status in at package in Debian: Fix Released Status in cron package in Debian: Fix Released Status in openssh package in Debian: Fix Released Status in shadow package in Debian: Fix Released Bug description: getlogin() call in new glibc checks /proc/self/loginuid presence and trust its value as most safe source (due it's audit-related nature). But default /etc/pam.d/common-account doesn't contains entry to pam_loginuid.so which modify /proc/self/loginuid properly. This breaks getlogin() at many scenarios like this: (pam session without pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";' root (pam session without pam_loginuid)$ id uid=1000(... just because /proc/self/loginuid contains '0' value If I add pam_loginuid.so to /etc/pam.d/common-account like http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html recommend, everything worked as expected: (pam session with pam_loginuid)$ perl -e '$t=getlogin; print "$t\n";' user (pam session with pam_loginuid)$ id uid=1000(... # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION="Ubuntu 12.04 LTS" # dpkg -l|fgrep libpam ii libpam-ck-connector 0.4.5-2 ConsoleKit PAM module ii libpam-modules 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM ii libpam-modules-bin 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM - helper binaries ii libpam-runtime 1.1.3-7ubuntu2 Runtime support for the PAM library ii libpam0g 1.1.3-7ubuntu2 Pluggable Authentication Modules library To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/at/+bug/1067779/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1067779] Re: missing pam_loginuid.so breaks getlogin()
This bug was fixed in the package shadow - 1:4.2-3.1ubuntu1 --- shadow (1:4.2-3.1ubuntu1) xenial; urgency=low * Merge from Debian unstable. - Includes pam_loginuid in login PAM config. LP: #1067779. - Fixes typo in usermod -h output. LP: #1348873. * Remaining changes: - debian/passwd.upstart: Add an upstart job to clear locks on [shadow-]passwd/group. - debian/login.defs: + Update documentation of USERGROUPS_ENAB: with pam_umask, the UPG handling does not only apply to "former (pre-PAM) uses". + Update documentation of UMASK: Explain that USERGROUPS_ENAB will modify this default for UPGs. - debian/{source_shadow.py,rules}: Add apport hook - Pass noupdate to pam_motd call for /run/motd.dynamic, to avoid running /etc/update-motd.d/* scripts twice. - debian/patches/1010_extrausers.patch: Add support to passwd for libnss-extrausers - debian/patches/1011_extrausers_toggle.patch: extrausers support for useradd and groupadd - debian/patches/userns/subuids-nonlocal-users: Don't limit subuid/subgid support to local users. * Dropped changes, included in Debian: - Allow LXC devices (lxc/console, lxc/tty[1234]), used from precise on. - Add uidmap package based on upstream patches that introduce newuidmap/newgidmap as well as /etc/subuid and /etc/subgid. Additional updates on those to widen the default allocation to 65536 uids and gids and only assign ranges to non-system users. - debian/patches/1020_fix_user_busy_errors: Call sub_uid_close in all error cases. * Dropped changes, included upstream: - debian/patches/495_stdout-encrypted-password: chpasswd can report password hashes on stdout. - debian/patches/496_su_kill_process_group: Kill the child process group, rather than just the immediate child. * Fix pam_motd calls so that the second pam_motd is the noupdate one rather than the first, ensuring /run/motd.dynamic is always populated and shown on the first login after boot. LP: #1368864. * Don't call 'pam_exec uname', a change adopted in Debian without coordination with the Debian PAM maintainer * Use dh_installinit now for installing the upstart job, as we no longer generate a dependency on upstart-job. * Include /etc/sub[ug]id in the list of files to clear locks for on boot. LP: #1304505 * Add a systemd unit to go with the upstart job, so that lock clearing works on newer Ubuntu releases. shadow (1:4.2-3.1) unstable; urgency=medium * Non-maintainer upload. * Fix error handling in busy user detection. (Closes: #778287) shadow (1:4.2-3) unstable; urgency=low * Enforce hardened builds to workaround cdbs sometimes not building with hardening flags as in 1:4.2-2+b1 Thanks to Dr. Markus Waldeck for pointing the issue and Simon Ruderich For providing a working patch. shadow (1:4.2-2) unstable; urgency=low * The "Soumaintrain" release * The "Rigotte de Condrieu" release was 4.2-1 * Upload to unstable * Last upload integrates the use of dh_autoreconf which has the same effect then Eric Dorland's patch in 1:4.1.5.1-1.1 NMU to drop the use of automake1.9. Closes: #724434 [ Samuel Thibault ] * Enable the login package on hurd-any, but without /bin/login, still provided by the hurd package. Closes: #737805. This fix was accidentally forgotten in 1:4.2-1 [ Josh Triplett ] * use the new pam_exec functionality from pam 1.1.8-1 to implement the dynamic motd, rather than using /run/motd.dynamic from initscripts. This will allow initscripts to drop /etc/init.d/motd. Closes: #741129 [ Laurent Bigonville ] * Enable libaudit support. Closes: #745774 [ Trần Ngọc Quân ] * Vietnamese translation update. [ Christian Perrier ] * Add a lintian override for newuidmap and newgidmap setuid binaries * Add upstream signing key as debian/upstream-signing-key.asc * Check upstream signing key in debian/watch shadow (1:4.2-1) experimental; urgency=low [ Nicolas FRANCOIS (Nekral) ] * New upstream release. Fixes: - Invalid free() in su fixed by using strdup(). Thanks to Serge Hallyn for the patch. Closes: #691459 - Kill the child process group, rather than just the immediate child; this is needed now that su no longer starts a controlling terminal when not running an interactive shell. Thanks to Colin Watson for the patch. Closes: #713979 - German manpages translation update. Closes: #679152 - Improve login.defs (typographic errors and better format). Closes: #685415 - Russian translation update. Closes: #718356 - Do not assume random() is limited by RAND_MAX. Closes: #677275 - Support C libraries with unknown fields in struct passwd. Closes: #675824 - su: child cleanup is performed before terminating PAM sessions. This avoids anoying "...terminated" messages when PAM
[Touch-packages] [Bug 1067779] Re: missing pam_loginuid.so breaks getlogin()
3.0pl1-124.1ubuntu1 contains a fix for this. ** Changed in: cron (Ubuntu) Status: Confirmed = Fix Committed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cron in Ubuntu. https://bugs.launchpad.net/bugs/1067779 Title: missing pam_loginuid.so breaks getlogin() Status in “at” package in Ubuntu: Fix Committed Status in “cron” package in Ubuntu: Fix Committed Status in “openssh” package in Ubuntu: Fix Released Status in “shadow” package in Ubuntu: Confirmed Status in “at” package in Debian: Fix Released Status in “cron” package in Debian: Fix Released Status in “openssh” package in Debian: Fix Released Status in “shadow” package in Debian: Fix Released Bug description: getlogin() call in new glibc checks /proc/self/loginuid presence and trust its value as most safe source (due it's audit-related nature). But default /etc/pam.d/common-account doesn't contains entry to pam_loginuid.so which modify /proc/self/loginuid properly. This breaks getlogin() at many scenarios like this: (pam session without pam_loginuid)$ perl -e '$t=getlogin; print $t\n;' root (pam session without pam_loginuid)$ id uid=1000(... just because /proc/self/loginuid contains '0' value If I add pam_loginuid.so to /etc/pam.d/common-account like http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html recommend, everything worked as expected: (pam session with pam_loginuid)$ perl -e '$t=getlogin; print $t\n;' user (pam session with pam_loginuid)$ id uid=1000(... # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION=Ubuntu 12.04 LTS # dpkg -l|fgrep libpam ii libpam-ck-connector 0.4.5-2 ConsoleKit PAM module ii libpam-modules 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM ii libpam-modules-bin 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM - helper binaries ii libpam-runtime 1.1.3-7ubuntu2 Runtime support for the PAM library ii libpam0g 1.1.3-7ubuntu2 Pluggable Authentication Modules library To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/at/+bug/1067779/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1067779] Re: missing pam_loginuid.so breaks getlogin()
** Changed in: at (Debian) Status: Fix Committed = Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to cron in Ubuntu. https://bugs.launchpad.net/bugs/1067779 Title: missing pam_loginuid.so breaks getlogin() Status in “at” package in Ubuntu: Fix Committed Status in “cron” package in Ubuntu: Confirmed Status in “openssh” package in Ubuntu: Fix Released Status in “shadow” package in Ubuntu: Confirmed Status in “at” package in Debian: Fix Released Status in “cron” package in Debian: Fix Released Status in “openssh” package in Debian: Fix Released Status in “shadow” package in Debian: Fix Released Bug description: getlogin() call in new glibc checks /proc/self/loginuid presence and trust its value as most safe source (due it's audit-related nature). But default /etc/pam.d/common-account doesn't contains entry to pam_loginuid.so which modify /proc/self/loginuid properly. This breaks getlogin() at many scenarios like this: (pam session without pam_loginuid)$ perl -e '$t=getlogin; print $t\n;' root (pam session without pam_loginuid)$ id uid=1000(... just because /proc/self/loginuid contains '0' value If I add pam_loginuid.so to /etc/pam.d/common-account like http://manpages.ubuntu.com/manpages/precise/man8/pam_loginuid.8.html recommend, everything worked as expected: (pam session with pam_loginuid)$ perl -e '$t=getlogin; print $t\n;' user (pam session with pam_loginuid)$ id uid=1000(... # cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=12.04 DISTRIB_CODENAME=precise DISTRIB_DESCRIPTION=Ubuntu 12.04 LTS # dpkg -l|fgrep libpam ii libpam-ck-connector 0.4.5-2 ConsoleKit PAM module ii libpam-modules 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM ii libpam-modules-bin 1.1.3-7ubuntu2 Pluggable Authentication Modules for PAM - helper binaries ii libpam-runtime 1.1.3-7ubuntu2 Runtime support for the PAM library ii libpam0g 1.1.3-7ubuntu2 Pluggable Authentication Modules library To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/at/+bug/1067779/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp