Bug 25232

Summary: [patch] "Could not open lock file"
Product: [Retired] Red Hat Linux
Component: kdebase
Version: 7.1
Hardware: i386
OS: Linux
Status: CLOSED RAWHIDE
Severity: medium
Priority: medium
Keywords: Security
Whiteboard: Florence Gold
Reporter: Tim Waugh <twaugh>
Assignee: Bernhard Rosenkraenzer <bero>
QA Contact: Aaron Brown <abrown>
Doc Type: Bug Fix
Last Closed: 2001-02-05 13:43:29 UTC
Attachments: kdebase-pamexit.patch

Description Tim Waugh 2001-01-29 22:46:46 UTC
I'm getting these messages in /var/lock/secure, and console.perms is 
ineffective:

Jan 29 21:42:18 cyberelk pam_console[4273]: Could not open lock file 
/var/lock/console/tim, disallowing console access

drwxr-xr-x    2 root     root         1024 Jan 29 21:49 /var/lock/console

/var is in partition /, mounted rw, 13% used.

This is an upgrade from Red Hat Linux 7.  I haven't seen this on any 
other machines though.

Comment 1 Nalin Dahyabhai 2001-01-29 23:12:05 UTC
Which service are you using to log in (login or kdm or gdm or xdm)?  Can you
strace the binary from another VT and determine what the error was?  If the file
exists, what are its permissions?

Comment 2 Glen Foster 2001-01-30 00:06:06 UTC
This defect is considered MUST-FIX for Florence Gold release

Comment 3 Tim Waugh 2001-01-30 15:18:09 UTC
This was just a stale /var/lock/console.lock file I think.  I removed that and
now it works.

Comment 4 Tim Waugh 2001-01-30 17:34:26 UTC
Hmm, the same thing happened on another machine now. :-/


Comment 5 Tim Waugh 2001-01-30 17:50:29 UTC
Okay, how-to-reproduce:

In /etc/sysconfig/desktop, use KDE.
Reboot the machine to clear out any old console.lock.
Go to runlevel 5.
Log in remotely to observe.
In the remote terminal, verify that (for example) /dev/dsp is owned by
root.root.
Log on as a non-root user.
Verify that /dev/dsp is owned by that user.
Log out.

/dev/dsp is still owned by the non-root user.

This is looking a lot like bug 25048 now actually.

Comment 6 Tim Waugh 2001-01-30 17:51:23 UTC

*** This bug has been marked as a duplicate of 25048 ***

Comment 7 Tim Waugh 2001-02-04 19:16:01 UTC
Okay, 25048 is fixed, but this bug remains.

Comment 8 Tim Waugh 2001-02-05 13:41:41 UTC
Created attachment 9002
kdebase-pamexit.patch

Comment 9 Tim Waugh 2001-02-05 13:43:25 UTC
The above patch fixes it for me.  kdm was calling pam_close_session and setuid
in the wrong order.

Someone should check that this patch doesn't introduce any extra security
problems, but I think it's fine (it's similar to what /bin/login does).

Comment 10 Bernhard Rosenkraenzer 2001-02-05 15:56:10 UTC
Fixed, thanks for the patch.
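
The check from the reproduction steps in Comment 5 (is /dev/dsp back with root after logout?) can be scripted to confirm the fix. This is an added example, not part of the original report or of kdm or pam_console. It assumes GNU stat, and the `who` line patterns it treats as local console sessions and the device list passed in are assumptions.

```shell
#!/bin/sh
# Added example: post-logout audit for the symptom in this report
# (console devices left owned by a user who has already logged out).

# console_users: read `who` output on stdin and print the unique login names
# that sit on a local console (virtual terminal ttyN or X display :N).
# Remote sessions (pts/N) are ignored; the patterns are an assumption.
console_users() {
    awk '$2 ~ /^(tty[0-9]+|:[0-9]+(\.[0-9]+)?)$/ { print $1 }' | sort -u
}

# owner_uid PATH: numeric uid that owns PATH (GNU stat).
owner_uid() {
    stat -c %u "$1" 2>/dev/null
}

# stale_console_devices "UID UID ..." DEVICE...
# Print every DEVICE owned by a non-root uid that is not in the list of uids
# currently on the console, i.e. ownership that logout failed to reset.
stale_console_devices() {
    active=" $1 "; shift
    for dev in "$@"; do
        uid=$(owner_uid "$dev") || continue      # missing device: skip it
        [ "$uid" -eq 0 ] && continue             # already back with root
        case "$active" in *" $uid "*) continue ;; esac
        echo "$dev uid=$uid"
    done
}

# audit DEVICE...: wire the pieces together on a live system.
audit() {
    uids=$(who | console_users | while read -r u; do id -u "$u"; done | tr '\n' ' ')
    stale_console_devices "$uids" "$@"
}

# Run the audit only when device paths are given, e.g. /dev/dsp.
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

Run it with /dev/dsp as the argument after logging out of the graphical session; no output means ownership went back to root.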