Bug#251088: xdm: calling pam_setcred multiple times, redux
Package: xdm
Followup-For: Bug #251088
As mentioned earlier in this bug report, xdm calls pam_setcred multiple
times, which can cause problems and at the least is useless work. More
seriously, it discards any changes made in the environment after the
last call, which can result in such problems as someone's ticket cache
location and KRB5CCNAME environment variable being out of sync.
I agree with the original bug reporter that simply removing the call to
pam_setcred in session.c is the right thing to do. Failing that, at
least the following should be applied to move environment setting until
after the pam_setcred call:
--- xorg-x11-6.8.2.dfsg.1/xc/programs/xdm/session.c.orig 2005-02-28 09:35:18.000000000 -0800
+++ xorg-x11-6.8.2.dfsg.1/xc/programs/xdm/session.c 2005-12-23 15:34:35.000000000 -0800
@@ -559,18 +559,6 @@
/* Do system-dependent login setup here */
-#ifdef USE_PAM
- /* pass in environment variables set by libpam and modules it called */
- if (pamh) {
- long i;
- char **pam_env = pam_getenvlist(pamh);
- for(i = 0; pam_env && pam_env[i]; i++) {
- verify->userEnviron = putEnv(pam_env[i], verify->userEnviron);
- }
- }
-#endif
-
-
#ifndef AIXV3
#ifndef HAS_SETUSERCONTEXT
if (setgid(verify->gid) < 0) {
@@ -634,6 +622,17 @@
}
#endif /* AIXV3 */
+#ifdef USE_PAM
+ /* pass in environment variables set by libpam and modules it called */
+ if (pamh) {
+ long i;
+ char **pam_env = pam_getenvlist(pamh);
+ for(i = 0; pam_env && pam_env[i]; i++) {
+ verify->userEnviron = putEnv(pam_env[i], verify->userEnviron);
+ }
+ }
+#endif
+
/*
* for user-based authorization schemes,
* use the password to get the user's credentials.
-- System Information:
Debian Release: testing/unstable
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) (ignored: LC_ALL set to C)
Reply to: