Bug 97046 - xscreensaver can't be unlocked
Summary: xscreensaver can't be unlocked
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam   
(Show other bugs)
Version: 8.0
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Jay Turner
Depends On:
TreeView+ depends on / blocked
Reported: 2003-06-09 16:34 UTC by Peter Benie
Modified: 2015-01-08 00:05 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2004-10-27 08:09:25 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Peter Benie 2003-06-09 16:34:57 UTC
Description of problem:

Programs that run pam as a non-root user, which causes pam_unix to invoke the
unix_chkpwd setuid helper, may fail to be able to verify the password due a
signal handling bug in the PAM module. xscreensaver is one such application.

Version-Release number of selected component (if applicable): 0.75-46.8.0

How reproducible:

On my system, it's very reproducible, but reproducibility will vary depending on
a number of factors, especially:
  * SMP vs UP
  * the kernel's choice of which process to schedule after fork(), and 
  * the precise details of how SIG_IGN is implemented for SIGCHLD. 

I'm currently using kernel 2.5.70.

The problem is in Linux-PAM-0.75/modules/pam_unix/support.c, lines 537-541:

    /* save the address of the old SIGCHLD handler, because if the calling
       application set a handler, we need to disable it so that we can reap
       the helper after it quits */
    sighandler = signal(SIGCHLD, SIG_IGN);

The comment is right but the code is wrong. Setting the handler to SIG_IGN
causes the kernel to automatically reap the exit status of /sbin/unix_chkpwd
away, so when the parent calls waitpid, it gets ECHILD. 

Really this code shouldn't work at all. I'm guessing that it does only because
the 2.4 kernel returns the status from waitpid despite the setting of SIGCHLD.
Occasionally the code will fail because the child will finish before the parent
calls waitpid().

To fix, block the signal (eg. with sigprocmask(SIG_BLOCK, ...)) rather than
ignoring the signal.

Comment 1 Thomas J. Baker 2003-08-04 12:43:30 UTC
I am experiencing this bug with an SMP system running the 2.6.0-test2 kernel and
rawhide. The screensaver seems to hang after typing in the password.

Comment 2 Thomas J. Baker 2003-08-21 19:06:09 UTC
I may be experiencing a different bug here. When I added a local passwd account,
unlocking worked fine. It fails with a yp account though. And it continues to
fail with 2.6.0-0.test3.1.31smp.

Comment 3 Tomas Mraz 2004-09-09 07:35:18 UTC
This is fixed by using SIG_DFL flag instead SIG_IGN in the current
version - pam-0.77-55.

Note You need to log in before you can comment on or make changes to this bug.