Bug 59936
Summary: | console.perms breaks | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Gabriel Schulhof <gabrielschulhof> |
Component: | pam | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Aaron Brown <abrown> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 7.2 | CC: | kmaraas, per.starback, wpalenst |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2003-12-12 08:54:33 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Gabriel Schulhof
2002-02-15 05:47:39 UTC
I think I may have found both the cause and the resolution of the bug. Cause: When I log in as any user via X, I get console ownership and various other goodies. When I kill X brutally (C-A-Backspace) instead of gracefully, Bad Things happen: - /etc/X11/xdm/TakeConsole doesn't get executed - /var/run/console.lock doesn't get removed - /var/run/console now contains a file called 'nix' that contains 1 byte:'1' Fix (as root): /etc/X11/xdm/TakeConsole rm /var/run/console.lock rm /var/run/console/nix1 pam_console_apply -r Consequently, I have been able to completely and consistently reproduce the behaviour: 1. Log in remotely as root. 2. useradd -g users nix1 3. passwd nix1 4. Log into X via gdm locally as nix1 5. C-A-Backspace (kills X) That's it, the ownership auto-assignment cycle is now broken, until (as mentioned): [root@...]# /etc/X11/xdm/TakeConsole [root@...]# rm /var/run/console.lock [root@...]# rm /var/console/nix1 [root@...]# pam_console_apply -r The crucial step seems to be rm /var/console/nix1 Would it be possible/wise to run these steps from someplace where the exit status of X is within the scope of the script (Checkable via $? or some such). By this I mean that you should include this kind of 'X-has-crashed-so-if-the-user-had-the-ownerships-then-fix-it-so-the-automagic-ownership-reassignment-works-again' check somewhere in the X/[xkg]dm-related scripts. Are these steps enough ? Am I missing something due to the fact that I'm not thoroughly familiar with the workings of these ownership assignments ? Thanks for your support. (Using RH 7.2, pam-0.72-19, gdm-2.2.3.1-20) AFAICT this is caused by somewhat of a problem in pam_console: When you kill X with Ctrl-Alt-Backspace, the socket /tmp/.X11-unix/X0 (or X1, or ...) is removed. Then, when pam_console.c:pam_sm_close_session is called (in my case from gdm's gdm_slave_session_stop,gdm_verify_cleanup), it checks whether the 'tty' the user was logged in to (ie. :0, :1, etc...) actually exists. In the X display case, this translates to the existance of the mentioned /tmp/.X11-unix/X? file. This check now clearly fails, and so the console use-count isn't decremented and console.lock isn't removed, causing the problems mentioned in the original bugreport. To recap, the code path that causes this specific problem is: pam_session.c:pam_close_session(), calls (through dispatch and all that) pam_console.c:pam_sm_close_session(), calls config.y:check_console_name(), which checks the existance of /tmp/.X11-unix/X? *** Bug 71468 has been marked as a duplicate of this bug. *** It looks like this works ok in RHL 9 at least. I'm using gdm and I see /tmp/X11-unix/X0 after killing X with ctrl+alt+backspace. |