<html>
    <head>
      <base href="https://bugs.freedesktop.org/" />
    </head>
    <body><span class="vcard"><a class="email" href="mailto:lennart@poettering.net" title="Lennart Poettering <lennart@poettering.net>"> <span class="fn">Lennart Poettering</span></a>
</span> changed
              <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED NOTOURBUG - Users logging in gets previous user's XDG_RUNTIME_DIR"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=62866">bug 62866</a>
        <br>
             <table border="1" cellspacing="0" cellpadding="8">
          <tr>
            <th>What</th>
            <th>Removed</th>
            <th>Added</th>
          </tr>

         <tr>
           <td style="text-align:right;">Status</td>
           <td>NEW
           </td>
           <td>RESOLVED
           </td>
         </tr>

         <tr>
           <td style="text-align:right;">Resolution</td>
           <td>---
           </td>
           <td>NOTOURBUG
           </td>
         </tr></table>
      <p>
        <div>
            <b><a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED NOTOURBUG - Users logging in gets previous user's XDG_RUNTIME_DIR"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=62866#c1">Comment # 1</a>
              on <a class="bz_bug_link 
          bz_status_RESOLVED  bz_closed"
   title="RESOLVED NOTOURBUG - Users logging in gets previous user's XDG_RUNTIME_DIR"
   href="https://bugs.freedesktop.org/show_bug.cgi?id=62866">bug 62866</a>
              from <span class="vcard"><a class="email" href="mailto:lennart@poettering.net" title="Lennart Poettering <lennart@poettering.net>"> <span class="fn">Lennart Poettering</span></a>
</span></b>
        <pre>That sounds as if "slim" is reuse PAM contexts. That's a total no-no,
regardless whether pam_systemd is in the mix, or not.

A PAM service needs to invoke the PAM session hooks like this:

pam_open_session(h);
pid = fork();
if (pid == 0) {
        exec();
} 
waitpid(pid);
pam_close_session(h);
exit();

That's the only correct way. i.e. the PAM handle can only be used once, and
both pam_open_session() and pam_close_session() need to be called in the parent
-- not the child. Also, since the session hooks will set all kinds of stuff
like resource limits, security labels, audit info, selinux labels, yadda yadda
yadda, the parent must exit() after the close session hook.

Anyway, closing, this is almost certainly a fuckup in slim.</pre>
        </div>
      </p>
      <hr>
      <span>You are receiving this mail because:</span>
      
      <ul>
          <li>You are the QA Contact for the bug.</li>
          <li>You are the assignee for the bug.</li>
      </ul>
    </body>
</html>