Bug 75825

Summary: Failed RPM installs cause su to remain open
Product: [Retired] Red Hat Linux Reporter: Paul Johnson <paulf.johnson>
Component: usermodeAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: high    
Version: 8.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: i686   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-10-02 11:29:56 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Paul Johnson 2002-10-13 11:29:23 UTC 
Description of Problem:
Failed RPM installations leave the root permission on - applies when not logged
in as the root

Version-Release number of selected component (if applicable):


How Reproducible:
Always

Steps to Reproduce:
1. Download (say) the realplayer for Linux from real.com. 
2. Open with the application installer, type in the root password
3. The RPM install fails (does not get as far as checking the RPM headers), the
keys remain. It is then possible to access locked off areas.

Actual Results:
The keys remain, user still has su access

Expected Results:
The failure should be reported on screen and su access removed

Additional Information:
If the RPM fails to install, it is then not possible to install RPMs via either
the terminal or via the add application method - the only method of resetting
which will work is to reset the machine. Given it is a global addition when
installing an RPM, this is not suprising.
Comment 1 Jeremy Katz 2002-10-31 22:42:42 UTC 
This is the intended behavior of using pam_timestamp... from the release notes

     o Some of the configuration tools use pam_timestamp, a module for
       implementing sudo-style authentication timestamps via PAM. The
       authentication function checks for the existence of the timestamp
       file. If the file exists and is less than five minutes old (the same
       default as sudo), authentication succeeds without prompting for the
       root password again.

       If a program with pam_timestamp support is started from the Main Menu
       button or Nautilus and successfully authenticated, a key icon will
       appear in the panel notification area to show that an authenticated
       user has cached root authentication. When the authentication expires,
       the icon is removed.
Comment 2 Paul Johnson 2002-11-01 23:54:21 UTC 
Unfortunately, the revocation of the keys doesn't happen until the machine is
reset, nor are you able to install any other packages via either the rpm command
line or the add packages systems.
Comment 3 Alan Cox 2002-12-18 18:09:35 UTC 
Unable to duplicate.. Curious
Comment 4 Jeremy Katz 2002-12-18 20:27:37 UTC 
Me neither and as far as I know, Nalin hasn't heard anything either.  In any
case, it's not redhat-config-packages doing it.  If anything, it's pam_timestamp
but I haven't seen anything, although I'll leave it to Nalin to be definitive about
Comment 5 Mark J. Cox 2003-10-02 11:29:56 UTC 
This bug is quite old, closing it off - the "not able to install packages" could
just be a problem with rpm locks files (try rm /var/lib/rpm/__* ), and the
authentication staying open is exepected behaviour of pam_timestamp.