Bug in pam_env (?)



As I understand there is something wrong with pam_env PAM (pam-0.57-2
from RedHat):

I have the following lines in pam_env.conf:

REMOTEHOST	DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
DISPLAY		DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}

(just uncommented them in the conf file that came with some previous pam
RPM; I attach the full configuration file).

Everything works as it should work but when somebody logs in on a console
then the bad thing happens:

REMOTEHOST=b?^Úðc/^Ëðd^_|ðe^Omðf^H^Ùpfø^Êpgè{phØlpiÈ]pj¸Npk¨?pl^Ø0pm^È!pnx^Rpoh^Cppa.ðqQ^_ðrA^Pðs1^Aðt òðu^PãðvlÔðvðÅðwà¶ðxЧðyÀ^Øðz°^Éð{©µp|^Ù¦p}^É^×p~y^Èp^?iypo^A^Bc^B^D^C^D^E^D^C^F^C^D^C^D^C^D^C^D^G^H^G^H^G^H^G^H^G^H^G^H^G	
^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^Gal1t^Ahos#dt^H
DISPLAY=b?^Úðc/^Ëðd^_|ðe^Omðf^H^Ùpfø^Êpgè{phØlpiÈ]pj¸Npk¨?pl^Ø0pm^È!pnx^Rpoh^Cppa.ðqQ^_ðrA^Pðs1^Aðt òðu^PãðvlÔðvðÅðwà¶ðxЧðyÀ^Øðz°^Éð{©µp|^Ù¦p}^É^×p~y^Èp^?iypo^A^Bc^B^D^C^D^E^D^C^F^C^D^C^D^C^D^C^D^G^H^G^H^G^H^G^H^G^H^G^H^G	
^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^Gal1t^Ahos#dt^H:0.0

(the full environment as produced by "setenv > env.bad" in tcsh is
attached).

It looks like pam_env checks if OVERRIDE is not equal to "" but doesn't
check if it is not NULL.

One of the most unpleasant consequences is that telnet crashes
immediately after it connects to the remote host (it looks like it
crashes when it tries to pass this environment to the remote telnetd). I
am not sure if it should be considered a bug in telnet but I think that
it is better to fix it too :)

~> rpm -qf `where telnet`
NetKit-B-0.09-6

Alexei

#%PAM-1.0
auth       required	/lib/security/pam_securetty.so
auth       required	/lib/security/pam_pwdb.so shadow
auth       required	/lib/security/pam_nologin.so
auth       required	/lib/security/pam_env.so
account    required	/lib/security/pam_pwdb.so
account    optional	/lib/security/pam_test.so
password   required	/lib/security/pam_cracklib.so retry=5
password   required	/lib/security/pam_pwdb.so shadow use_authtok
session    required	/lib/security/pam_pwdb.so
session    required	/lib/security/pam_limits.so

HOME=/home/nogin
PATH=/bin:/usr/bin:/usr/local/bin:/usr/bin/X11:/usr/bin/mh:/sbin:/usr/sbin:/usr/local/sbin:/home/nogin/programs
SHELL=/bin/tcsh
TERM=linux
MAIL=/var/spool/mail/nogin
LOGNAME=nogin
REMOTEHOST=b?^зПc/^кПd^_|Пe^OmПf^H^ыpfЬ^йpgХ{phьlpiх]pj╦Npk╗?pl^ь0pm^х!pnx^Rpoh^Cppa.ПqQ^_ПrA^PПs1^AПt РПu^PЦПvlтПvПеПwЮ╤Пxп╖Пyю^ьПz╟^иП{╘╣p|^ы╕p}^и^вp~y^хp^?iypo^A^Bc^B^D^C^D^E^D^C^F^C^D^C^D^C^D^C^D^G^H^G^H^G^H^G^H^G^H^G^H^G	
^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^Gal1t^Ahos#dt^H
DISPLAY=b?^зПc/^кПd^_|Пe^OmПf^H^ыpfЬ^йpgХ{phьlpiх]pj╦Npk╗?pl^ь0pm^х!pnx^Rpoh^Cppa.ПqQ^_ПrA^PПs1^AПt РПu^PЦПvlтПvПеПwЮ╤Пxп╖Пyю^ьПz╟^иП{╘╣p|^ы╕p}^и^вp~y^хp^?iypo^A^Bc^B^D^C^D^E^D^C^F^C^D^C^D^C^D^C^D^G^H^G^H^G^H^G^H^G^H^G^H^G	
^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^G^H^Gal1t^Ahos#dt^H:0.0
PAGER=less
MANPAGER=less
LESS=M q e h15 z23 b80
LESSCHARSET=koi8-r
NNTPSERVER=news.dnttm.rssi.ru
HOSTTYPE=i386-linux
VENDOR=intel
OSTYPE=linux
MACHTYPE=i386
SHLVL=1
PWD=/home/nogin
USER=nogin
GROUP=gr_nogin
HOST=zeus.dnttm.ru
HOSTNAME=zeus.dnttm.ru
LANG=ru_RU.KOI8-R

# $Date: 1997/04/05 06:42:35 $
# $Author: morgan $
# $Id: pam_env.conf-example,v 1.1 1997/04/05 06:42:35 morgan Exp $
#
# This is the configuration file for pam_env, a PAM module to load in 
# a configurable list of environment variables for a 
# 
# The original idea for this came from Andrew G. Morgan ...
#<quote>
#   Mmm. Perhaps you might like to write a pam_env module that reads a
#   default environment from a file? I can see that as REALLY
#   useful... Note it would be an "auth" module that returns PAM_IGNORE
#   for the auth part and sets the environment returning PAM_SUCCESS in
#   the setcred function...
#</quote>
#
# What I wanted was the REMOTEHOST variable set, purely for selfish
# reasons, and AGM didn't want it added to the SimpleApps login
# program (which is where I added the patch). So, my first concern is
# that variable, from there there are numerous others that might/would
# be useful to be set: NNTPSERVER, LESS, PATH, PAGER, MANPAGER .....
#
# Of course, these are a different kind of variable than REMOTEHOST in
# that they are things that are likely to be configured by
# administrators rather than set by logging in, how to treat them both
# in the same config file?
#
# Here is my idea: 
#
# Each line starts with the variable name, there are then two possible
# options for each variable DEFAULT and OVERRIDE. 
# DEFAULT allows an administrator to set the value of the
# variable  to some default value, if none is supplied then the empty
# string is assumed. The OVERRIDE option tells pam_env that it should
# enter in its value (overriding the default value) if there is one
# to use. If OVERRIDE is not used, "" is assumed and no override will be
# done.
#
# VARIABLE   [DEFAULT=[value]]  [OVERRIDE=[value]]
#
# (Possibly non-existent) environment variables may be used in values
# using the ${string} syntax and (possibly non-existent) PAM_ITEMs may
# be used in values using the @{string} syntax. Both the $ and @
# characters can be backslash escaped to be used as literal values;
# values can be delimited with "", escaped " not supported.
#
#
# First, some special variables
#
# Set the REMOTEHOST variable for any hosts that are remote, default
# to "localhost" rather than not being set at all
REMOTEHOST	DEFAULT=localhost OVERRIDE=@{PAM_RHOST}
#
# Set the DISPLAY variable if it seems reasonable 
DISPLAY		DEFAULT=${REMOTEHOST}:0.0 OVERRIDE=${DISPLAY}
#
#
#  Now some simple variables
#
PAGER		DEFAULT=less
MANPAGER	DEFAULT=less
LESS		DEFAULT="M q e h15 z23 b80"
LESSCHARSET	DEFAULT=koi8-r
NNTPSERVER	DEFAULT=<our server>
PATH		DEFAULT=/bin:/usr/bin:/usr/local/bin:/usr/bin/X11
#
# silly examples of escaped variables, just to show how they work.
#
#DOLLAR		DEFAULT=\$
#DOLLARDOLLAR	DEFAULT=	OVERRIDE=\$${DOLLAR}
#DOLLARPLUS	DEFAULT=\${REMOTEHOST}${REMOTEHOST}
#ATSIGN		DEFAULT=""	OVERRIDE=\@
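
The failure mode the report suspects, as an added example that is not part of the original message and is not pam_env source: an `@{PAM_RHOST}` reference whose item is NULL on a console login must expand to "" so the DEFAULT is used instead of whatever memory follows. The names `lookup_item`, `expand` and `resolve` and the hostname are assumptions made for illustration; only the `@{...}` syntax is handled, not `${...}` or backslash escapes.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical stand-in for pam_get_item(): PAM_RHOST is NULL on a
 * console login, a hostname (constructed value) on a remote one. */
static const char *lookup_item(const char *name, int remote) {
    int rhost = strcmp(name, "PAM_RHOST") == 0;
    return (rhost && remote) ? "client.example.org" : NULL;
}

/* Expand each @{NAME} in tmpl into out; a NULL item expands to "".
 * Returns 0, or -1 on an unterminated reference or overflow. */
static int expand(const char *tmpl, int remote, char *out, size_t outsz) {
    size_t o = 0, n;
    while (*tmpl) {
        if (tmpl[0] == '@' && tmpl[1] == '{') {
            const char *end = strchr(tmpl + 2, '}');
            char name[64];
            if (!end || (n = (size_t)(end - (tmpl + 2))) >= sizeof name) return -1;
            memcpy(name, tmpl + 2, n);
            name[n] = '\0';
            const char *val = lookup_item(name, remote);
            if (val == NULL) val = "";  /* the check the report says is missing */
            size_t vl = strlen(val);
            if (o + vl >= outsz) return -1;
            memcpy(out + o, val, vl);
            o += vl;
            tmpl = end + 1;
        } else {
            if (o + 1 >= outsz) return -1;
            out[o++] = *tmpl++;
        }
    }
    out[o] = '\0';
    return 0;
}

/* pam_env.conf rule: OVERRIDE wins only if it expands to non-empty. */
static const char *resolve(const char *def, const char *ovr, int remote, char *buf, size_t sz) {
    if (expand(ovr, remote, buf, sz) == 0 && buf[0] != '\0')
        return buf;
    return def;
}

int main(void) {
    char buf[128];
    printf("console: REMOTEHOST=%s\n", resolve("localhost", "@{PAM_RHOST}", 0, buf, sizeof buf));
    printf("remote:  REMOTEHOST=%s\n", resolve("localhost", "@{PAM_RHOST}", 1, buf, sizeof buf));
    return 0;
}
```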
