[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Linux-PAM and syslog (POSIX) (fwd)

I think it is time for the public debate on this issue.

In short, it is about pam modules breaking the application's state whwre I
think there should be no interferences. Specifically, if a PAM module
calls closelog() and the application isusing syslog() after calling pam
authentication, the app is fubared.

Everybody with > $.01 of opinion, throw it in :-)

Cristian Gafton   --   gafton@redhat.com   --   Red Hat Software, Inc.
 UNIX is user friendly. It's just selective about who its friends are.

---------- Forwarded message ----------
Date: Wed, 25 Mar 1998 15:39:02 -0800
From: Andrew Morgan <morgan@transmeta.com>
To: Cristian Gafton <gafton@redhat.com>
Cc: saw@msu.ru, morgan@transmeta.com
Subject: Re: Linux-PAM and syslog (POSIX)


some comments:

    0. To a large extent this is the "I called libc and then
       libpam and, when libpam returned, libc was in an undefined
       state" problem.

    1. What you suggests seems like a reasonable solution that avoids
       the need to do much work on the application.

    2. Andrey has already noticed this exact problem and added
       infrastructure to sshd to be able to handle it.

    3. I've been corresponding with someone who has been getting
       mysterious seg-faults with ftp and this may well be the
       cause. :^)

This kind of problem is something that will continue to come up...

To resolve the situation, in this case, could be to do (2.) to the
applications that claim to support PAM, or to do as you suggest and
change the modules to be more transparent.

I feel this is something we should discuss on the public pam-list.  I
think a wider discussion will help identify the "right" solution.
Please email the list with some version of this email... [If you
prefer, I can do it.]

Whatever, this does need to be resolved!!  ASAP.



Cristian Gafton writes:
> Date: Wed, 25 Mar 1998 18:03:43 -0500 (EST)
> From: Cristian Gafton <gafton@redhat.com>
> To: Andrew Morgan <morgan@transmeta.com>
> Subject: Linux-PAM and syslog (POSIX)
> Well, this is a though one:
> Almost every module is using syslog() to log some information, and all
> those modules are calling openlog(), maybe do some logging and then
> closelog(). The problem is that as per POSIX specs, once you called
> closelog() for a program the syslog file descriptors are gone and you have
> to call openlog() again to make it work.
> Problem: take the example of the ftp server:
> 	openlog("ftpd", ...);
> 	/* read user and password. Let's suppose it is a invalid pass */
> 	retval = pam_auth(...);
> 	/* the pam_pwdb module sis another openlog(), the it did a
> 	 * syslog() to log the failure, called closelog() and returned */
> 	if (retval != 0)
> 		syslog(LOG_INFO, "login failure from host %s, user %s",
> 			remote_host, the_user);
> 	...
> In case of login failure the ftpd server will segfault, because it is
> calling syslog and internally in glibc the file descriptors are closed.
> Resolution:
> 	Glibc is very strict to conform to POSIX standards. Thus the
> openlog() calls are not stackable anymore. POSIX specifies that one does
> not have to call openlog() before _first_ use of syslog() function, but
> after a closelog() calling syslog() without openlog() yields an
> unspecified result. More exactly, in glibc a segfault.
> Solution: remove all the calls to openlog() and closelog() from Linux-PAM
> and use only syslog. Instead of logging like:
> 	PAM-pwdb[pid]: message
> log the module name with evry message to keep the process name unchanged.
> What do you think ?
> Cristian
> --
> ----------------------------------------------------------------------
> Cristian Gafton   --   gafton@redhat.com   --   Red Hat Software, Inc.
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>  UNIX is user friendly. It's just selective about who its friends are.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []