bugzilla-daemon at mindrot.org
2006-May-22 02:56 UTC
[Bug 1189] PAM module hangs root logout
http://bugzilla.mindrot.org/show_bug.cgi?id=1189
wknox at mitre.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Stacked PAM modules hang |PAM module hangs root logout
|root logout |
------- Comment #12 from wknox at mitre.org 2006-05-22 12:56 -------
Updated summary for accuracy
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-May-22 03:35 UTC
[Bug 1189] PAM module hangs root logout
http://bugzilla.mindrot.org/show_bug.cgi?id=1189 ------- Comment #13 from dtucker at zip.com.au 2006-05-22 13:35 ------- Descriptor 8 in the lsof output seems a likely suspect. I went back to the truss, and one thing jumped out at me: the child process closes descriptor 8 then exits. This makes me think that the cause is what is described in bug #926. There's a patch in that bug which is not right, but I think will solve your problem enough to prove whether or not this guess is correct, could you please try it? Thanks. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-May-22 13:04 UTC
[Bug 1189] PAM module hangs root logout
http://bugzilla.mindrot.org/show_bug.cgi?id=1189 ------- Comment #14 from wknox at mitre.org 2006-05-22 23:04 ------- It DOES help in the privsep case. As a side note, it doesn't help when privsep is turned off (though this appears to be noted in the 926 bug report). If I am reading this correctly, then, this patch is "doing the right thing" as long as you keep privsep enabled? I would be happy to perform any testing that people like for this patch or any others that come down the pike in order to confirm that. Thanks again for the help. I guess this bug can be labelled a duplicate of 926. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-May-22 21:07 UTC
[Bug 1189] PAM module hangs root logout
http://bugzilla.mindrot.org/show_bug.cgi?id=1189
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|ASSIGNED |RESOLVED
Resolution| |DUPLICATE
------- Comment #15 from dtucker at zip.com.au 2006-05-23 07:07 -------
(In reply to comment #14)> It DOES help in the privsep case. As a side note, it doesn't help when
> privsep is turned off (though this appears to be noted in the 926 bug
> report). If I am reading this correctly, then, this patch is "doing
the
> right thing" as long as you keep privsep enabled?
Yeah that's basically it. Doing the same thing for privsep=no would
also mean breaking it for other situations where it currently works (or
maybe adding another process per connection, which I'm not wild about).
Patch #1143 doesn't change the behaviour for privsep=no, and is almost
certainly an improvement on what we have now for privsep=yes, so I
would like to see it or something similar in the next release.
> I would be happy to
> perform any testing that people like for this patch or any others that
> come down the pike in order to confirm that.
Based on the timing, I'm guessing you tested patch #1143? I would be
interested to know if it also solves your problem for privsep=yes and
user=root, assuming you permit this.
> Thanks again for the help. I guess this bug can be labelled a duplicate
> of 926.
Thanks, marking as duplicate of 926.
*** This bug has been marked as a duplicate of bug 926 ***
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-May-22 21:15 UTC
[Bug 1189] PAM module hangs root logout
http://bugzilla.mindrot.org/show_bug.cgi?id=1189 ------- Comment #16 from wknox at mitre.org 2006-05-23 07:15 ------- Yes, I tested patch 1143 (sorry I wasn't specific - I didn't see that that patch had been posted just this morning). The only case with trouble when privsep was on was root via pubkey - non-root users only had trouble when privsep was off - so this solved my issue. Again, I'd be happy to test any future patches against this known test case. Thanks for the help. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-May-22 21:24 UTC
[Bug 1189] PAM module hangs root logout
http://bugzilla.mindrot.org/show_bug.cgi?id=1189 ------- Comment #17 from dtucker at zip.com.au 2006-05-23 07:24 ------- (In reply to comment #16)> Yes, I tested patch 1143 (sorry I wasn't specific - I didn't see that > that patch had been posted just this morning). The only case with > trouble when privsep was on was root via pubkey - non-root users only > had trouble when privsep was off - so this solved my issue.That's what I suspected. When privsep=yes and you're logging in as root then after successful authentication, post-auth privsep is disabled (since there's no point). I'll think about this some more. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.