Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 14644

Summary: pam_console uses bogus syslog priorities
Product: [Retired] Red Hat Linux Reporter: Chris Siebenmann <cks-rhbugzilla>
Component: pamAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 6.2   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-07-26 19:20:59 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
strip LOG_PID|LOG_AUTHPRIV from all _pam_log() calls, repair any that now miss a priority none

Description Chris Siebenmann 2000-07-25 23:31:35 UTC 
The pam_console pam module has an internal _pam_log() module to do
syslog()ing with; the first argument of this routine is is passed to
vsyslog() (which in turn passes it to syslog()) as the priority of the
syslog message.

 Unfortunately, pam_console misuses this argument to pass values only
valid for openlog(). One of them is OPEN_PID, which has the same value
as LOG_ALERT, which ensures that most syslog messages pam_console sends
have their priorities jumbled. In practical effect this seems to make
syslogd believe that various things have elevated priorities and blat
them all over creation.

 This is wrong and quite bad; people rely on correct syslog priorities
to, eg, route some urgent syslog messages to consoles (or even pagers)
for immediate attention.

 I will attach a patch that is a first cut at fixing this. (I suspect
that all log priorities should be reviewed, too. As a first cut, I doubt
a syslog made only when debugging is on should ever have a priority
other than LOG_DEBUG.)
Comment 1 Chris Siebenmann 2000-07-25 23:36:53 UTC 
Created attachment 1552 [details]
strip LOG_PID|LOG_AUTHPRIV from all _pam_log() calls, repair any that now miss a priority
Comment 2 Nalin Dahyabhai 2000-07-26 19:20:58 UTC 
*** Bug 14646 has been marked as a duplicate of this bug. ***
Comment 3 Nalin Dahyabhai 2000-07-26 19:22:49 UTC 
Upon examination of the logging code in pam_console, this is clearly
wrong.  A fixed version (pam-0.72-23) which logs nothing but errors
(unless the "debug" flag is supplied) will appear in Raw Hide shortly.