Bug 14644 - pam_console uses bogus syslog priorities
pam_console uses bogus syslog priorities
Status: CLOSED RAWHIDE
Product: Red Hat Linux
Classification: Retired
Component: pam (Show other bugs)
6.2
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
:
: 14646 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-07-25 19:31 EDT by Chris Siebenmann
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2000-07-26 15:20:59 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
strip LOG_PID|LOG_AUTHPRIV from all _pam_log() calls, repair any that now miss a priority (11.63 KB, patch)
2000-07-25 19:36 EDT, Chris Siebenmann
no flags Details | Diff

  None (edit)
Description Chris Siebenmann 2000-07-25 19:31:35 EDT
The pam_console pam module has an internal _pam_log() module to do
syslog()ing with; the first argument of this routine is is passed to
vsyslog() (which in turn passes it to syslog()) as the priority of the
syslog message.

 Unfortunately, pam_console misuses this argument to pass values only
valid for openlog(). One of them is OPEN_PID, which has the same value
as LOG_ALERT, which ensures that most syslog messages pam_console sends
have their priorities jumbled. In practical effect this seems to make
syslogd believe that various things have elevated priorities and blat
them all over creation.

 This is wrong and quite bad; people rely on correct syslog priorities
to, eg, route some urgent syslog messages to consoles (or even pagers)
for immediate attention.

 I will attach a patch that is a first cut at fixing this. (I suspect
that all log priorities should be reviewed, too. As a first cut, I doubt
a syslog made only when debugging is on should ever have a priority
other than LOG_DEBUG.)
Comment 1 Chris Siebenmann 2000-07-25 19:36:53 EDT
Created attachment 1552 [details]
strip LOG_PID|LOG_AUTHPRIV from all _pam_log() calls, repair any that now miss a priority
Comment 2 Nalin Dahyabhai 2000-07-26 15:20:58 EDT
*** Bug 14646 has been marked as a duplicate of this bug. ***
Comment 3 Nalin Dahyabhai 2000-07-26 15:22:49 EDT
Upon examination of the logging code in pam_console, this is clearly
wrong.  A fixed version (pam-0.72-23) which logs nothing but errors
(unless the "debug" flag is supplied) will appear in Raw Hide shortly.

Note You need to log in before you can comment on or make changes to this bug.