Bug 13136 - PAM: console device grants not revoked on logout
PAM: console device grants not revoked on logout
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
7.1
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-06-27 18:44 EDT by Chris Evans
Modified: 2008-05-01 11:37 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-07-21 18:12:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chris Evans 2000-06-27 18:44:46 EDT
I log in as "chris" on tty1
User "chris" gets ownership of /dev/fd0, /dev/gpmctl, etc. etc.
I log out
Ownership of all the devices has _NOT_ reverted back to root.
I have verified that RH6.1 behaves correctly and does the reversions
Comment 1 Nalin Dahyabhai 2000-07-03 03:24:39 EDT
I can't reproduce this.  Which service are you logging into?  Console login?
GDM?  KDM?  XDM?  What are the contents of the relevant /etc/pam.d configuration
file and /etc/pam.d/system-auth?
Comment 2 Chris Evans 2000-07-08 18:34:04 EDT
Was definitely non-graphical console login. I run at runlevel 3. Default, full
BETA-2 install from scratch. Will reboot into BETA-2 and get a test-case..
Comment 3 Chris Evans 2000-07-08 18:41:42 EDT
Here is system-auth
#%PAM-1.0
# This file is auto-generated.
# User changes will be destroyed the next time authconfig is run.
auth        sufficient    /lib/security/pam_unix.so likeauth nullok md5 shadow
auth        required      /lib/security/pam_deny.so
account     sufficient    /lib/security/pam_unix.so
account     required      /lib/security/pam_deny.so
password    required      /lib/security/pam_cracklib.so retry=3
password    sufficient    /lib/security/pam_unix.so nullok use_authtok md5
shadow
password    required      /lib/security/pam_deny.so
session     required      /lib/security/pam_limits.so
session     required      /lib/security/pam_unix.so

And here is login
#%PAM-1.0
auth       required     /lib/security/pam_securetty.so
auth       required     /lib/security/pam_stack.so service=system-auth
auth       required     /lib/security/pam_nologin.so
account    required     /lib/security/pam_stack.so service=system-auth
password   required     /lib/security/pam_stack.so service=system-auth
session    required     /lib/security/pam_stack.so service=system-auth
session    optional     /lib/security/pam_console.so

Let me know if you want console.perms, but it is unchanged from the install. I
haven't changed ANY config files since the default install in fact.
Comment 4 Chris Evans 2000-07-08 18:50:11 EDT
OK... I see this problem if I
1) Log in on text console tty1 as "chris"
2) Log out
3) Log in on tty1 as "root"
4) "ls -l /dev/fd0" (or any other console device).
5) .. and it's still owned by "chris"

Let me know if you still can't reproduce
Comment 5 Nalin Dahyabhai 2000-07-10 11:23:29 EDT
Are you using NIS?
Comment 6 Chris Evans 2000-07-10 16:10:03 EDT
According to "authconfig": no.
I'm blowing away my BETA2 for a BETA3 tonight. Will see if it persists.
Comment 7 Nalin Dahyabhai 2000-07-10 16:41:53 EDT
I was able to (briefly) reproduce this on Beta 2, but not under Beta 3.  I'm
tempted to chalk it up to compiler wackiness, as the pam_console module
didn't change between 6.2 and beta 2.
Comment 8 Chris Evans 2000-07-21 18:12:20 EDT
Nalin - when my BETA5 CD's arrive I will re-test and close if it does not
reproduce.
Note however a bugzilla deficiency: there is no resolution status "COMPILER
WACKINESS" :-)
Comment 9 Chris Evans 2000-07-31 18:04:13 EDT
BETA5 seems to be behaving fine.
Perhaps whilst text console testing, I was logged in on X in the background.
Or perhaps it was compiler wackiness. I suspect an X login hanging around in the
background, though.
Anyway.. closed.

Note You need to log in before you can comment on or make changes to this bug.