Bug 1861640 - pam_motd reads files as root instead of target user
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: 32
Hardware: Unspecified
OS: Unspecified
Assignee: Iker Pedrosa
QA Contact: Fedora Extras Quality Assurance
Whiteboard: sync-to-jira
Blocks: 1872562
Reported: 2020-07-29 06:54 UTC by Martin Pitt
Modified: 2020-11-11 01:19 UTC

Fixed In Version: pam-1.4.0-5.fc33 pam-1.3.1-27.fc32
Last Closed: 2020-10-26 01:06:02 UTC
Type: Bug

Description Martin Pitt 2020-07-29 06:54:42 UTC
Description of problem:

We would like to put some messages in /etc/motd.d (or /run/motd.d) which only apply to system administrators, i.e. are readable by root or the wheel group. But it seems pam_motd reads all the motd files as root instead of as the target user.

I wouldn't really classify that as a security issue, but it does cause some mild annoyance of users who see messages that don't apply to them.

Version-Release number of selected component (if applicable):

pam-1.3.1-26.fc32.x86_64


How reproducible: Always


Steps to Reproduce:
1. echo rootonly > /etc/motd.d/rootonly && chmod 600 /etc/motd.d/rootonly
2. Log in (I tested with ssh) as a non-root user

Actual results:
I see "rootonly" in the motd output after logging in.


Expected results:
I should not see "rootonly" as the user can't read /etc/motd.d/rootonly.


Additional info:
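
An added example, not part of the original report and not pam's own code: a Python check that lists the files in a motd.d-style directory which a reader running as root would display although the target user cannot read them. The helper names, the temporary directory standing in for /etc/motd.d, and the restriction to classic mode bits (no ACLs, capabilities or LSM policy) are assumptions.

```python
import os
import stat
import tempfile


def readable_by(st, uid, gids):
    """Classic UNIX read check for (uid, gids) against a stat result.

    Exactly one permission class applies: owner, else group, else other.
    ACLs, capabilities and LSM policy are not modelled (assumption).
    """
    if uid == 0:
        return True  # root bypasses mode bits; a root reader sees every file
    if uid == st.st_uid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def leaked_motd_files(directory, uid, gids):
    """Names of regular files a root reader would show but (uid, gids) cannot read."""
    leaked = []
    for name in sorted(os.listdir(directory)):
        st = os.stat(os.path.join(directory, name))
        if stat.S_ISREG(st.st_mode) and not readable_by(st, uid, gids):
            leaked.append(name)
    return leaked


def build_sample_dir():
    """Constructed stand-in for /etc/motd.d with three permission levels."""
    d = tempfile.mkdtemp(prefix="motd.d-")
    for name, mode in (("rootonly", 0o600), ("wheel", 0o640), ("everyone", 0o644)):
        path = os.path.join(d, name)
        with open(path, "w") as f:
            f.write(name + "\n")
        os.chmod(path, mode)  # chmod is not affected by the umask
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    owner = os.stat(os.path.join(sample, "rootonly"))
    # Hypothetical unprivileged user: different uid, not in the file's group.
    uid, gids = owner.st_uid + 1000, {owner.st_gid + 1000}
    for name in leaked_motd_files(sample, uid, gids):
        print("shown by a root reader, unreadable by target user:", name)
```

Run against the real directory with a user's uid and group ids (for example from `pwd` and `os.getgrouplist`) to see which messages an unfixed pam_motd would show that user.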

Comment 2 Iker Pedrosa 2020-10-14 10:35:02 UTC
* master:
    16cebfeb30a8bd7c7dc269190a054c25b0f8d044 - pam_motd: filter motd by user and group
    ad8b6feaf8ea989368676acaea905998a807986e - pam_motd: document file filtering

Comment 3 Fedora Update System 2020-10-19 09:11:29 UTC
FEDORA-2020-b81b1f2e11 has been submitted as an update to Fedora 33. https://bodhi.fedoraproject.org/updates/FEDORA-2020-b81b1f2e11

Comment 4 Fedora Update System 2020-10-20 14:23:21 UTC
FEDORA-2020-b81b1f2e11 has been pushed to the Fedora 33 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-b81b1f2e11`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-b81b1f2e11

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 5 Fedora Update System 2020-10-26 01:06:02 UTC
FEDORA-2020-b81b1f2e11 has been pushed to the Fedora 33 stable repository.
If the problem still persists, please make note of it in this bug report.

Comment 6 Fedora Update System 2020-10-26 12:18:10 UTC
FEDORA-2020-082fed0894 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-082fed0894

Comment 7 Fedora Update System 2020-10-27 02:22:53 UTC
FEDORA-2020-082fed0894 has been pushed to the Fedora 32 testing repository.
In a short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --advisory=FEDORA-2020-082fed0894`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-082fed0894

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

Comment 8 Fedora Update System 2020-11-11 01:19:57 UTC
FEDORA-2020-082fed0894 has been pushed to the Fedora 32 stable repository.
If the problem still persists, please make note of it in this bug report.

