75825 – Failed RPM installs cause su to remain open

Bug 75825 - Failed RPM installs cause su to remain open

Summary: Failed RPM installs cause su to remain open

Status:	CLOSED WORKSFORME
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	usermode
Sub Component:
Version:	8.0
Hardware:	i686
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:	Security
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2002-10-13 11:29 UTC by Paul Johnson
Modified:	2007-03-27 03:57 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:
Doc Text:	(edit)
Clone Of:
Environment:	(edit)
Last Closed:	2003-10-02 11:29:56 UTC

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Paul Johnson 2002-10-13 11:29:23 UTC

Description of Problem:
Failed RPM installations leave the root permission on - applies when not logged
in as the root

Version-Release number of selected component (if applicable):


How Reproducible:
Always

Steps to Reproduce:
1. Download (say) the realplayer for Linux from real.com. 
2. Open with the application installer, type in the root password
3. The RPM install fails (does not get as far as checking the RPM headers), the
keys remain. It is then possible to access locked off areas.

Actual Results:
The keys remain, user still has su access

Expected Results:
The failure should be reported on screen and su access removed

Additional Information:
If the RPM fails to install, it is then not possible to install RPMs via either
the terminal or via the add application method - the only method of resetting
which will work is to reset the machine. Given it is a global addition when
installing an RPM, this is not suprising.

Comment 1 Jeremy Katz 2002-10-31 22:42:42 UTC

This is the intended behavior of using pam_timestamp... from the release notes

     o Some of the configuration tools use pam_timestamp, a module for
       implementing sudo-style authentication timestamps via PAM. The
       authentication function checks for the existence of the timestamp
       file. If the file exists and is less than five minutes old (the same
       default as sudo), authentication succeeds without prompting for the
       root password again.

       If a program with pam_timestamp support is started from the Main Menu
       button or Nautilus and successfully authenticated, a key icon will
       appear in the panel notification area to show that an authenticated
       user has cached root authentication. When the authentication expires,
       the icon is removed.

Comment 2 Paul Johnson 2002-11-01 23:54:21 UTC

Unfortunately, the revocation of the keys doesn't happen until the machine is
reset, nor are you able to install any other packages via either the rpm command
line or the add packages systems.

Comment 3 Alan Cox 2002-12-18 18:09:35 UTC

Unable to duplicate.. Curious

Comment 4 Jeremy Katz 2002-12-18 20:27:37 UTC

Me neither and as far as I know, Nalin hasn't heard anything either.  In any
case, it's not redhat-config-packages doing it.  If anything, it's pam_timestamp
but I haven't seen anything, although I'll leave it to Nalin to be definitive about

Comment 5 Mark J. Cox 2003-10-02 11:29:56 UTC

This bug is quite old, closing it off - the "not able to install packages" could
just be a problem with rpm locks files (try rm /var/lib/rpm/__* ), and the
authentication staying open is exepected behaviour of pam_timestamp.

Note You need to log in before you can comment on or make changes to this bug.