Bug 25232 - [patch] "Could not open lock file"
Summary: [patch] "Could not open lock file"
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: kdebase
Version: 7.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Bernhard Rosenkraenzer
QA Contact: Aaron Brown
Whiteboard: Florence Gold
Keywords: Security
Depends On:
TreeView+ depends on / blocked
Reported: 2001-01-29 22:46 UTC by Tim Waugh
Modified: 2007-04-18 16:30 UTC (History)
0 users

Clone Of:
Last Closed: 2001-02-05 13:43:29 UTC

Attachments (Terms of Use)
kdebase-pamexit.patch (700 bytes, patch)
2001-02-05 13:41 UTC, Tim Waugh
no flags Details | Diff

Description Tim Waugh 2001-01-29 22:46:46 UTC
I'm getting these messages in /var/lock/secure, and console.perms is 

Jan 29 21:42:18 cyberelk pam_console[4273]: Could not open lock file 
/var/lock/console/tim, disallowing console access

drwxr-xr-x    2 root     root         1024 Jan 29 21:49 /var/lock/console

/var is in partition /, mounted rw, 13% used.

This is an upgrade from Red Hat Linux 7.  I haven't seen this on any 
other machines though.

Comment 1 Nalin Dahyabhai 2001-01-29 23:12:05 UTC
Which service are you using to log in (login or kdm or gdm or xdm)?  Can you
strace the binary from another VT and determine what the error was?  If the file
exists, what are its permissions?

Comment 2 Glen Foster 2001-01-30 00:06:06 UTC
This defect is considered MUST-FIX for Florence Gold release

Comment 3 Tim Waugh 2001-01-30 15:18:09 UTC
This was just a stale /var/lock/console.lock file I think.  I removed that and
now it works.

Comment 4 Tim Waugh 2001-01-30 17:34:26 UTC
Hmm, the same thing happened on another machine now. :-/

Comment 5 Tim Waugh 2001-01-30 17:50:29 UTC
Okay, how-to-reproduce:

In /etc/sysconfig/desktop, use KDE.
Reboot the machine to clear out any old console.lock.
Go to runlevel 5.
Log in remotely to observe.
In the remote terminal, verify that (for example) /dev/dsp is owned by
Log on as a non-root user.
Verify that /dev/dsp is owned by that user.
Log out.

/dev/dsp is still owned by the non-root user.

This is looking at lot like bug 25048 now actually.

Comment 6 Tim Waugh 2001-01-30 17:51:23 UTC

*** This bug has been marked as a duplicate of 25048 ***

Comment 7 Tim Waugh 2001-02-04 19:16:01 UTC
Okay, 25048 is fixed, but this bug remains.

Comment 8 Tim Waugh 2001-02-05 13:41:41 UTC
Created attachment 9002 [details]

Comment 9 Tim Waugh 2001-02-05 13:43:25 UTC
The above patch fixes it for me.  kdm was calling pam_close_session and setuid
in the wrong order.

Someone should check that this patch doesn't introduce any extra security
problems, but I think it's fine (it's similar to what /bin/login does).

Comment 10 Bernhard Rosenkraenzer 2001-02-05 15:56:10 UTC
Fixed, thanks for the patch.

Note You need to log in before you can comment on or make changes to this bug.