
Re: Why doesn't Debian use GNU su?



>>>>> "Ben" == Ben Collins <bcollins@debian.org> writes:

    Ben> Where do you get that shadow's su does not use PAM session
    Ben> management?  Stop spreading bogus information.

It does use some PAM session management but not all of it. You've done
a good job patching shadow's su, but it's not finished. :) I'm sorry
if I sounded antagonistic, I didn't mean that at all.

I've gone through the source code to shadow's su, and while it *DOES*
call pam_start() and pam_end(), it fails to call pam_open_session()
and pam_close_session().

In fact, within the shadow suite, only login.c seems to call
pam_open_session and pam_close_session.

Because shadow's su merely execvs its shell instead of forking it off,
pam_open_session() and pam_close_session() don't make much sense --
unless we patch it to fork instead of execv.

GNU su actually also execvs by default, but Red Hat has patched it
quite well to use fork instead, and wrap the su'd shell in
pam_open_session() and pam_close_session() calls.

If you're interested in looking at the Red Hat-patched GNU su, I've
put it up at:

http://csl.cse.ucsc.edu/~ben/sh-utils/sh-utils-2.0/src/su.c

To see the PAM patch that Red Hat used, check out:

http://csl.cse.ucsc.edu/~ben/sh-utils/PATCHES/sh-utils-2.0-pam.patch

Ben

-- 
Brought to you by the letters Q and O and the number 12.
"Hoosh is a kind of soup."
Debian GNU/Linux maintainer of Gimp and GTK+ -- http://www.debian.org/
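
Added example (not part of the original message, and not code from shadow, sh-utils or the Red Hat patch): a minimal C sketch of why a su that execv()s its shell never gets to run a session-close step, while one that forks and waits does. The names session_open(), session_close(), su_exec(), su_fork(), trace() and SAMPLE_CMD are hypothetical; the two hooks stand in for pam_open_session() and pam_close_session() and only log one byte each so the order of calls can be observed.

```c
/* Added illustration: session_open()/session_close() stand in for
 * pam_open_session()/pam_close_session() and only log one byte each. */
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

static int log_fd = -1;  /* write end of the pipe read by trace() */
static char *const SAMPLE_CMD[] = { "/bin/sh", "-c", "exit 0", NULL };  /* constructed */
static void session_open(void)  { if (write(log_fd, "o", 1) < 0) _exit(126); }
static void session_close(void) { if (write(log_fd, "c", 1) < 0) _exit(126); }

/* exec style: the image is replaced; the close hook runs only if execv() fails. */
static int su_exec(char *const argv[])
{
    session_open();
    execv(argv[0], argv);
    session_close();
    return 127;
}

/* fork style: the parent outlives the shell and closes the session after it. */
static int su_fork(char *const argv[])
{
    int status = 0;
    session_open();
    pid_t pid = fork();
    if (pid == 0) { execv(argv[0], argv); _exit(127); }
    if (pid > 0) waitpid(pid, &status, 0);
    session_close();
    return (pid > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : 127;
}

/* Run one style in its own process and return the hook bytes it logged. */
static const char *trace(int (*su)(char *const[]), char *const argv[])
{
    static char buf[8];
    int p[2];
    ssize_t r, n = 0;
    memset(buf, 0, sizeof buf);
    if (pipe(p) < 0) return buf;
    pid_t pid = fork();
    if (pid == 0) { close(p[0]); log_fd = p[1]; _exit(su(argv)); }
    close(p[1]);
    while (n < 7 && (r = read(p[0], buf + n, 7 - n)) > 0) n += r;
    close(p[0]);
    if (pid > 0) waitpid(pid, NULL, 0);
    return buf;
}
```

trace(su_exec, SAMPLE_CMD) yields "o" (opened, never closed) and trace(su_fork, SAMPLE_CMD) yields "oc".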

