NetBSD Problem Report #46271

From www@NetBSD.org  Tue Mar 27 21:42:41 2012
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
	by www.NetBSD.org (Postfix) with ESMTP id AD96863C4B1
	for <gnats-bugs@gnats.NetBSD.org>; Tue, 27 Mar 2012 21:42:40 +0000 (UTC)
Message-Id: <20120327214240.0722763BBEC@www.NetBSD.org>
Date: Tue, 27 Mar 2012 21:42:40 +0000 (UTC)
From: jdbaker@mylinuxisp.com
Reply-To: jdbaker@mylinuxisp.com
To: gnats-bugs@NetBSD.org
Subject: x11/xlockmore built w/pam fails all authentication attempts, won't unlock screen
X-Send-Pr-Version: www-1.0

>Number:         46271
>Category:       pkg
>Synopsis:       x11/xlockmore built w/pam fails all authentication attempts, won't unlock screen
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Mar 27 21:45:00 +0000 2012
>Last-Modified:  Fri Mar 30 11:55:00 +0000 2012
>Originator:     John D. Baker
>Release:        NetBSD-6.0_BETA/i386, pkgsrc-current (pre-pkgsrc-2012Q1)
>Organization:
>Environment:
NetBSD squash.bozonet.ntc 6.0_BETA NetBSD 6.0_BETA (SQUASH) #15: Mon Mar 26 11:13:35 CDT 2012  sysop@squash.bozonet.ntc:/d0/build/netbsd-6/obj/i386/sys/arch/i386/compile/SQUASH i386

>Description:
With "PKG_OPTIONS.xlockmore+=pam" in /etc/mk.conf, the resulting
xlock program considers all unlock attempts as failed whether using the
user's password or the root password.

Should there be a pam configuration file for 'xlock'?  Is it intended
to use one of the existing pam configurations--"system" perhaps?  I saw
no errors logged anywhere when xlock engaged.
>How-To-Repeat:
Set "PKG_OPTIONS.xlockmore+=pam" in /etc/mk.conf and build/install
"x11/xlockmore".

Run 'xlock' to lock the screen.

Screen cannot be unlocked via password.  On architectures that support
it, switch to text-mode terminal, log in and kill xlock.
>Fix:
Workaround.  Do not enable the "pam" option when building x11/xlockmore.

>Audit-Trail:
From: "Matthias Drochner" <drochner@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/46271 CVS commit: pkgsrc/x11/xlockmore
Date: Wed, 28 Mar 2012 20:21:47 +0000

 Module Name:	pkgsrc
 Committed By:	drochner
 Date:		Wed Mar 28 20:21:46 UTC 2012

 Modified Files:
 	pkgsrc/x11/xlockmore: Makefile.common PLIST
 Added Files:
 	pkgsrc/x11/xlockmore: MESSAGE
 	pkgsrc/x11/xlockmore/files: pam-xlock-NetBSD

 Log Message:
 tell user how to make PAM work, copied from xscreensaver
 in response to PR pkg/46271 by John D. Baker


 To generate a diff of this commit:
 cvs rdiff -u -r0 -r1.1 pkgsrc/x11/xlockmore/MESSAGE
 cvs rdiff -u -r1.63 -r1.64 pkgsrc/x11/xlockmore/Makefile.common
 cvs rdiff -u -r1.7 -r1.8 pkgsrc/x11/xlockmore/PLIST
 cvs rdiff -u -r0 -r1.1 pkgsrc/x11/xlockmore/files/pam-xlock-NetBSD

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: "Matthias Drochner" <drochner@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/46271 CVS commit: pkgsrc/x11/xlockmore
Date: Fri, 30 Mar 2012 07:37:22 +0000

 Module Name:	pkgsrc
 Committed By:	drochner
 Date:		Fri Mar 30 07:37:22 UTC 2012

 Modified Files:
 	pkgsrc/x11/xlockmore: Makefile.common

 Log Message:
 make PAM without the suid_helper work on NetBSD: without the bad-pam
 option it will give up root credentials too early
 addresses PR pkg/46271 by John D. Baker


 To generate a diff of this commit:
 cvs rdiff -u -r1.64 -r1.65 pkgsrc/x11/xlockmore/Makefile.common

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

From: Joerg Sonnenberger <joerg@britannica.bec.de>
To: gnats-bugs@NetBSD.org
Cc: 
Subject: Re: PR/46271 CVS commit: pkgsrc/x11/xlockmore
Date: Fri, 30 Mar 2012 20:54:35 +0900

 On Fri, Mar 30, 2012 at 07:40:05AM +0000, Matthias Drochner wrote:
 > The following reply was made to PR pkg/46271; it has been noted by GNATS.
 > 
 > From: "Matthias Drochner" <drochner@netbsd.org>
 > To: gnats-bugs@gnats.NetBSD.org
 > Cc: 
 > Subject: PR/46271 CVS commit: pkgsrc/x11/xlockmore
 > Date: Fri, 30 Mar 2012 07:37:22 +0000
 > 
 >  Module Name:	pkgsrc
 >  Committed By:	drochner
 >  Date:		Fri Mar 30 07:37:22 UTC 2012
 >  
 >  Modified Files:
 >  	pkgsrc/x11/xlockmore: Makefile.common
 >  
 >  Log Message:
 >  make PAM without the suid_helper work on NetBSD: without the bad-pam
 >  option it will give up root credentials too early
 >  addresses PR pkg/46271 by John D. Baker

 Given the general quality of the code involved, I'm not sure that's an
 improvement. With suid_helper, it can and should be completely
 unprivileged.

 Joerg

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.