67708 – PAM can't unmount home directory following logout from 'su -' in special case

Bug 67708 - PAM can't unmount home directory following logout from 'su -' in special case

Summary: PAM can't unmount home directory following logout from 'su -' in special case

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	sh-utils
Sub Component:
Version:	7.3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	low
Target Milestone:	---
Assignee:	wdovlrrw
QA Contact:	Ben Levenson
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-06-30 09:26 UTC by W. Michael Petullo
Modified:	2007-04-18 16:43 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2004-05-28 18:20:21 UTC
Embargoed:

Attachments	(Terms of Use)

Description W. Michael Petullo 2002-06-30 09:26:25 UTC

From Bugzilla Helper:
User-Agent: Mozilla/5.0 Galeon/1.2.5 (X11; Linux i686; U;) Gecko/0

Description of problem:
Please note that I discoverd this bug because I installed some non-Red Hat
supported tools.  Though my example uses these tools to demonstrate the bug, I
still feel it is a bug that should be fixed.

I use the pam_mount PAM module to mount loopback encrypted home directories upon
logging in and unmount them upon logging out.  This works fine except when I use
'su -'.  In this case, the encrypted filesystem is mounted but cannot be
unmounted because su performs a chdir(~).

The chdir() call in su should happen after the fork() so that it does not affect
the parent PAM-controlling process.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
Again, these steps use non-Red Hat supported tools, but I believe the bug is a
bug regardless:

1.  Apply the patch at http://www-2.cs.cmu.edu/~mukesh/hacks.html to pam_mount
(http://pam-mount.conectevil.com/).
2.  Configure to pam_mount to mount a loopback encrypted filesystem for a user,
mike for example.
3.  Log in as another user.
4.  su - mike
5.  <loopback encrypted filesystem is mounted>
6.  exit
	

Actual Results:  Loopback encrypted filesystem is *not* unmounted because the su
process is chdir()ed to ~.  umount says: /home/mike: device is busy.

Expected Results:  Loopback encrypted filesystem should be unmounted.

Additional info:

Here is a small patch which fixes this bug:

--- su.c.orig   Sun Jun 30 10:56:57 2002
+++ su.c        Sun Jun 30 10:56:02 2002
@@ -509,6 +509,9 @@
       char *arg0;
       char *shell_basename;

+      if (chdir (pw->pw_dir))
+        error (0, errno, _("warning: cannot change directory to %s"),
+              pw->pw_dir);
       shell_basename = base_name (shell);
       arg0 = xmalloc (strlen (shell_basename) + 2);
       arg0[0] = '-';
@@ -762,8 +765,6 @@
 #else
   change_identity (pw);
 #endif
-  if (simulate_login && chdir (pw->pw_dir))
-    error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);

   run_shell (shell, command, additional_args, pw);
 }

Comment 1 Bernhard Rosenkraenzer 2002-08-29 20:02:05 UTC

Fixed in 2.0.12-3

Note You need to log in before you can comment on or make changes to this bug.