[pkg-fso-maint] Bug#785644: nodm: please call pam_close_session() with root privileges

Ryan Tandy ryan at nardis.ca
Mon May 18 18:04:01 UTC 2015


Package: nodm
Version: 0.11-1.3
Severity: minor

Dear Maintainer,

When a nodm session ends, I see in /var/log/auth.log:

May 18 10:35:51 kiwi dbus[435]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.65" (uid=1000 pid=2641 comm="/usr/sbin/nodm ") interface="org.freedesktop.login1.Manager" member="ReleaseSession" error name="(unset)" requested_reply="0" destination="org.freedesktop.login1" (uid=0 pid=2582 comm="/lib/systemd/systemd-logind ")
May 18 10:35:51 kiwi nodm[2641]: pam_systemd(nodm:session): Failed to release session: Access denied
May 18 10:35:51 kiwi nodm[2641]: pam_close_session: Cannot make/remove an entry for the specified session

Apparently pam_systemd wants pam_close_session() to be run as root, in 
order to call privileged systemd-logind interfaces.

See #580434 for the same bug in su(1).

As the xsession-child code claims to be derived from su(1), the upstream 
commits fixing #580434 may be relevant:

http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3357
http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3358
http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3359
http://anonscm.debian.org/viewvc/pkg-shadow?view=revision&revision=3360

Setting severity to minor: the session is automatically cleaned up after 
the session leader terminates, so for at least pam_systemd, this is 
probably mostly cosmetic.

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_CA.UTF-8, LC_CTYPE=en_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)



More information about the pkg-fso-maint mailing list