[systemd-devel] pam: Don't use loginuid [was: Re: Fix PAM module to not clobber XDG_RUNTIME_DIR with su]
Colin Guthrie
gmane at colin.guthr.ie
Thu Nov 21 02:06:43 PST 2013
'Twas brillig, and Colin Walters at 21/11/13 00:32 did gyre and gimble:
> On Thu, 2013-11-21 at 01:20 +0100, Michael Biebl wrote:
>> 2013/11/18 Michael Stapelberg <stapelberg at debian.org>:
>>> This is a rather pressing issue for us (it breaks GDM logins in some
>>> cases), and we’d like to fix it by cherry-picking a patch that was
>>> merged upstream.
>>
>> "some cases" is very vague.
>
> See:
> https://bugzilla.redhat.com/show_bug.cgi?id=753882#c43
>
> Now as Lennart is arguing here, running gedit as root is crack. But
> the problem is greatly exacerbated by systemd leaving XDG_RUNTIME_DIR as
> the user, which causes the root-owned process to write to it,
> leaving directories owned by root which can't be deleted by the user.
>
> But if say you happen to be logged in via ssh or a getty as well,
> that broken dconf directory will persist until you log out everywhere,
> and it will break logging in via gdm.
>
> This can happen with just pure "pkexec" and a *non-X11* application
> which wants to save transient per-uid state.

Yes. Couldn't agree more. While no-one here disagrees that running root
apps via su etc. is a bad idea, the fact that pam_systemd hands out
incorrect data (which would appear to be against the XDG specification)
is actively making the problem far worse than it should be.

Col
--
Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/
Day Job:
Tribalogic Limited http://www.tribalogic.net/
Open Source:
Mageia Contributor http://www.mageia.org/
PulseAudio Hacker http://www.pulseaudio.org/
Trac Hacker http://trac.edgewall.org/
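
Added example, not part of the original thread and not systemd code: a check for the condition discussed above, where a process runs with an XDG_RUNTIME_DIR owned by a different uid, plus a scan for entries left inside a runtime directory by another uid. The function names (runtime_dir_mismatch, foreign_entries, safe_environ) are hypothetical.

```python
import os

def runtime_dir_mismatch(environ, euid):
    """True when XDG_RUNTIME_DIR is set but the directory belongs to another uid."""
    path = environ.get("XDG_RUNTIME_DIR")
    if not path:
        return False
    try:
        return os.lstat(path).st_uid != euid
    except FileNotFoundError:
        return False  # stale variable, nothing there to write into

def foreign_entries(runtime_dir):
    """Paths below runtime_dir whose owner differs from the directory's owner."""
    owner = os.lstat(runtime_dir).st_uid
    found = []
    for root, dirs, files in os.walk(runtime_dir):
        for name in dirs + files:
            full = os.path.join(root, name)
            try:
                if os.lstat(full).st_uid != owner:
                    found.append(full)
            except FileNotFoundError:
                continue  # entry vanished while scanning
    return sorted(found)

def safe_environ(environ, euid):
    """Copy of environ with XDG_RUNTIME_DIR dropped when it is not owned by euid."""
    env = dict(environ)
    if runtime_dir_mismatch(env, euid):
        del env["XDG_RUNTIME_DIR"]
    return env

if __name__ == "__main__":
    euid = os.geteuid()
    if runtime_dir_mismatch(os.environ, euid):
        print("XDG_RUNTIME_DIR is not owned by euid", euid)
    rd = os.environ.get("XDG_RUNTIME_DIR")
    if rd and os.path.isdir(rd):
        for p in foreign_entries(rd):
            print("foreign-owned:", p)
```

Run as the logged-in user, the scan lists the root-owned leftovers that the user cannot delete; run inside a su or pkexec session, the first check reports the inherited variable.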