[systemd-devel] Fix PAM module to not clobber XDG_RUNTIME_DIR with su

Colin Guthrie gmane at colin.guthr.ie
Thu Nov 14 00:48:06 PST 2013


Hi Martin,

Thanks for looking at this.

'Twas brillig, and Martin Pitt at 14/11/13 07:45 did gyre and gimble:
> pam_systemd currently causes some havoc when you run programs or
> shells with su: it passes on the $XDG_RUNTIME_DIR from the original
> user session, so that programs like pulseaudio or dconf end up
> scribbling into the original user's runtime dir. This has been
> discussed at length at [1][2] and is leading people to consider
> workarounds like [3].
> 
> It seems Lennart is against giving the new user a new logind session
> and runtime dir; I think it would be right to give it a fresh (or an
> already existing one for the target user) runtime dir, but in either
> case passing it the original user's runtime dir is actively wrong and
> harmful.
> 
> Until then I recommend applying this patch (or something equivalent)
> which at least stops destroying existing runtime dirs and makes it
> compliant to the spec [4]. With that, things like pulse, dconf, or
> dbus will still need to keep their internal fallback if there is no
> runtime dir, but that's a less pressing matter.
> 
> Thanks for considering,
> 
> Martin
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=753882
> [2] https://launchpad.net/bugs/1197395
> [3] http://lists.freedesktop.org/archives/pulseaudio-discuss/2013-November/019121.html
> [4] http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

I'm somewhat on the fence, but I think this patch is sensible in the
short term at least.

I do still think we need some kind of new su which is actually able to
properly proxy graphics and sound (like SSH kinda does - at least for
graphics), but this should prevent the nasty side effects in the short term.

I've not considered any unwanted side effects this may cause so
hopefully someone else can chime in accordingly.

Your argument about it making it spec compliant seems rather compelling
tho'.

Col


-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/

