NetBSD Problem Report #46271
From www@NetBSD.org Tue Mar 27 21:42:41 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
by www.NetBSD.org (Postfix) with ESMTP id AD96863C4B1
for <gnats-bugs@gnats.NetBSD.org>; Tue, 27 Mar 2012 21:42:40 +0000 (UTC)
Message-Id: <20120327214240.0722763BBEC@www.NetBSD.org>
Date: Tue, 27 Mar 2012 21:42:40 +0000 (UTC)
From: jdbaker@mylinuxisp.com
Reply-To: jdbaker@consolidated.net
To: gnats-bugs@NetBSD.org
Subject: x11/xlockmore built w/pam fails all authentication attempts, won't unlock screen
X-Send-Pr-Version: www-1.0
>Number: 46271
>Notify-List: jdbaker@consolidated.net
>Category: pkg
>Synopsis: x11/xlockmore built w/pam fails all authentication attempts, won't unlock screen
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: pkg-manager
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Tue Mar 27 21:45:00 +0000 2012
>Last-Modified: Tue Jan 29 06:31:26 +0000 2019
>Originator: John D. Baker
>Release: NetBSD-6.0_BETA/i386, pkgsrc-current (pre-pkgsrc-2012Q1)
>Organization:
>Environment:
NetBSD squash.bozonet.ntc 6.0_BETA NetBSD 6.0_BETA (SQUASH) #15: Mon Mar 26 11:13:35 CDT 2012 sysop@squash.bozonet.ntc:/d0/build/netbsd-6/obj/i386/sys/arch/i386/compile/SQUASH i386
>Description:
With "PKG_OPTIONS.xlockmore+=pam" in /etc/mk.conf, the resulting
xlock program considers all unlock attempts as failed whether using the
user's password or the root password.
Should there be a pam configuration file for 'xlock'? Is it intended
to use one of the existing pam configurations--"system" perhaps? I saw
no errors logged anywhere when xlock engaged.
>How-To-Repeat:
Set "PKG_OPTIONS.xlockmore+=pam" in /etc/mk.conf and build/install
"x11/xlockmore".
Run 'xlock' to lock the screen.
Screen cannot be unlocked via password. On architectures that support
it, switch to text-mode terminal, log in and kill xlock.
>Fix:
Workaround. Do not enable the "pam" option when building x11/xlockmore.
>Release-Note:
>Audit-Trail:
From: "Matthias Drochner" <drochner@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/46271 CVS commit: pkgsrc/x11/xlockmore
Date: Wed, 28 Mar 2012 20:21:47 +0000
Module Name: pkgsrc
Committed By: drochner
Date: Wed Mar 28 20:21:46 UTC 2012
Modified Files:
pkgsrc/x11/xlockmore: Makefile.common PLIST
Added Files:
pkgsrc/x11/xlockmore: MESSAGE
pkgsrc/x11/xlockmore/files: pam-xlock-NetBSD
Log Message:
tell user how to make PAM work, copied from xscreensaver
in response to PR pkg/46271 by John D. Baker
To generate a diff of this commit:
cvs rdiff -u -r0 -r1.1 pkgsrc/x11/xlockmore/MESSAGE
cvs rdiff -u -r1.63 -r1.64 pkgsrc/x11/xlockmore/Makefile.common
cvs rdiff -u -r1.7 -r1.8 pkgsrc/x11/xlockmore/PLIST
cvs rdiff -u -r0 -r1.1 pkgsrc/x11/xlockmore/files/pam-xlock-NetBSD
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: "Matthias Drochner" <drochner@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/46271 CVS commit: pkgsrc/x11/xlockmore
Date: Fri, 30 Mar 2012 07:37:22 +0000
Module Name: pkgsrc
Committed By: drochner
Date: Fri Mar 30 07:37:22 UTC 2012
Modified Files:
pkgsrc/x11/xlockmore: Makefile.common
Log Message:
make PAM without the suid_helper work on NetBSD: without the bad-pam
option it will give up root credentials too early
addresses PR pkg/46271 by John D. Baker
To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 pkgsrc/x11/xlockmore/Makefile.common
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: PR/46271 CVS commit: pkgsrc/x11/xlockmore
Date: Fri, 30 Mar 2012 20:54:35 +0900
On Fri, Mar 30, 2012 at 07:40:05AM +0000, Matthias Drochner wrote:
> The following reply was made to PR pkg/46271; it has been noted by GNATS.
>
> From: "Matthias Drochner" <drochner@netbsd.org>
> To: gnats-bugs@gnats.NetBSD.org
> Cc:
> Subject: PR/46271 CVS commit: pkgsrc/x11/xlockmore
> Date: Fri, 30 Mar 2012 07:37:22 +0000
>
> Module Name: pkgsrc
> Committed By: drochner
> Date: Fri Mar 30 07:37:22 UTC 2012
>
> Modified Files:
> pkgsrc/x11/xlockmore: Makefile.common
>
> Log Message:
> make PAM without the suid_helper work on NetBSD: without the bad-pam
> option it will give up root credentials too early
> addresses PR pkg/46271 by John D. Baker
Given the general quality of the code involved, I'm not sure that's an
improvement. With suid_helper, it can and should be completely
unprivileged.
Joerg
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.