pam_open_session() is being called with euid/uid set to the authenticated user (instead of root)

It seems that do_setusercontext() calls setpcred() early, but setpcred() has the effect of setting uid/euid to the authenticated user. This can't be undone, and the subsequent calls to do_pam_session() are unprivileged. This is bad for our pam module that creates missing home directories.

Reproduced on oslevels 4330-11, 5100-03, 5200-04

See also: bug 261
(In reply to comment #0)
> Reproduced on oslevels 4330-11, 5100-03, 5200-04

Clarification: the 4330-11 refers to my instrumenting of the setpcred call; no pam was involved on aix4.3.3
FWIW I think the right way to deal with this is via the same method proposed in bug #926: move the PAM session open/close into the monitor. (That is not without its own issues as you can see from the bug, but if we can get those sorted then I think it's the best long-term solution).
Created attachment 1200: move setpcred() to just before permanently_set_uid()

Moving setpcred till later works for me. (See also: bug 969)
I think this was fixed with the change for bug #926. Can you confirm? Also, how does the setpcred change relate to this bug and is it still needed? Thanks.
I think the patch in bug #1249 will also solve it: it uses setpcred to set up everything in the LAM except for real userid, and then lets permanently_set_uid() take care of the latter.
Applied with a slight variation, thanks! This will be in the 5.3p1 release.
Mass move of RESOLVED bugs to CLOSED now that 5.3 is out.