Bug 14644 - pam_console uses bogus syslog priorities
Summary: pam_console uses bogus syslog priorities
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam   
(Show other bugs)
Version: 6.2
Hardware: i386 Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact:
: 14646 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2000-07-25 23:31 UTC by Chris Siebenmann
Modified: 2008-05-01 15:37 UTC (History)
0 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-07-26 19:20:59 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
strip LOG_PID|LOG_AUTHPRIV from all _pam_log() calls, repair any that now miss a priority (11.63 KB, patch)
2000-07-25 23:36 UTC, Chris Siebenmann
no flags Details | Diff

Description Chris Siebenmann 2000-07-25 23:31:35 UTC
The pam_console pam module has an internal _pam_log() module to do
syslog()ing with; the first argument of this routine is is passed to
vsyslog() (which in turn passes it to syslog()) as the priority of the
syslog message.

 Unfortunately, pam_console misuses this argument to pass values only
valid for openlog(). One of them is OPEN_PID, which has the same value
as LOG_ALERT, which ensures that most syslog messages pam_console sends
have their priorities jumbled. In practical effect this seems to make
syslogd believe that various things have elevated priorities and blat
them all over creation.

 This is wrong and quite bad; people rely on correct syslog priorities
to, eg, route some urgent syslog messages to consoles (or even pagers)
for immediate attention.

 I will attach a patch that is a first cut at fixing this. (I suspect
that all log priorities should be reviewed, too. As a first cut, I doubt
a syslog made only when debugging is on should ever have a priority
other than LOG_DEBUG.)

Comment 1 Chris Siebenmann 2000-07-25 23:36:53 UTC
Created attachment 1552 [details]
strip LOG_PID|LOG_AUTHPRIV from all _pam_log() calls, repair any that now miss a priority

Comment 2 Nalin Dahyabhai 2000-07-26 19:20:58 UTC
*** Bug 14646 has been marked as a duplicate of this bug. ***

Comment 3 Nalin Dahyabhai 2000-07-26 19:22:49 UTC
Upon examination of the logging code in pam_console, this is clearly
wrong.  A fixed version (pam-0.72-23) which logs nothing but errors
(unless the "debug" flag is supplied) will appear in Raw Hide shortly.

Note You need to log in before you can comment on or make changes to this bug.