[Bug 1599069] [NEW] [pam] Module pam_env does not unset environment variables

Cade Forester ahx2323 at gmail.com
Tue Jul 5 08:39:46 UTC 2016


Public bug reported:

Architecture: amd64
Date: 2016-07-05T07:10:34,326215642+0000 (printed by command "date --utc --iso-8601=ns")
DistroRelease: Ubuntu 14.04
Package: libpam-modules 1.1.8-1ubuntu2.2
PackageArchitecture: amd64
SourcePackage: pam
Uname: Linux 3.16.0-53-generic x86_64

Steps to reproduce.

1. Edit some files.

   Shell command:
      cat /etc/security/pam_env.conf

   Output of last shell command:
      TEST__SET_ME DEFAULT="value set successfully"
      TEST__CLEAR_ME DEFAULT="" OVERRIDE=""
      TEST__UNSET_ME DEFAULT=   OVERRIDE=

   Shell command:
      cat /etc/pam.d/su

   Output of last shell command:
      auth sufficient pam_rootok.so
      session required pam_env.so readenv=1 debug
      # /etc/pam.d/common-auth
      auth [success=1 default=ignore] pam_unix.so nullok_secure
      auth requisite pam_deny.so
      auth required pam_permit.so
      auth optional pam_ecryptfs.so unwrap
      auth optional pam_cap.so
      # /etc/pam.d/common-account
      account [success=1 new_authtok_reqd=done default=ignore] pam_unix.so
      account requisite pam_deny.so
      account required pam_permit.so
      # /etc/pam.d/common-session
      session [default=1] pam_permit.so
      session requisite pam_deny.so
      session required pam_permit.so
      session optional pam_umask.so
      session required pam_unix.so
      session optional pam_ecryptfs.so unwrap
      session optional pam_ck_connector.so nox11

2. Run shell commands:
      env --ignore-environment sh
      export TEST__CLEAR_ME="variable not cleared"
      export TEST__UNSET_ME="variable still set"
      su --command env | grep TEST__

   Type root password.

   Output of last shell command:
      TEST__UNSET_ME=variable still set
      TEST__SET_ME=value set successfully
      TEST__CLEAR_ME=

   Related syslog output:
      su[11338] Successful su for root by local_user
      su[11338] + /dev/pts/0 local_user:root
      su[11338] pam_env(su:session): pam_putenv("TEST__ SET_ME=value set successfully")
      su[11338] pam_env(su:session): pam_putenv("TEST__ CLEAR_ME=")
      su[11338] pam_env(su:session): remove variable "TEST__UNSET_ME"
      su[11338] pam_env(su:session): pam_putenv: delete non-existent entry; TEST__UNSET_ME
      su[11338] pam_env(su:session): pam_putenv("PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin")
      su[11338] pam_unix(su:session): session opened for user root by local_user(uid=1000)
      su[11338] pam_unix(su:session): session closed for user root

Actual result:
environment variable TEST__UNSET_ME is not unset.

Expected result:
environment variable TEST__UNSET_ME is unset.

Bugs:
- PAM module "pam_env.so" does not unset environment variables;
- man page pam_env(8) describes that the module can unset environment
  variables, but does not describe how to do that (answer found in
  "pam-1.1.8/modules/pam_env/pam_env.c", line 472).

** Affects: pam (Ubuntu)
     Importance: Undecided
         Status: New

** Package changed: ubuntu => pam (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to pam in Ubuntu.
https://bugs.launchpad.net/bugs/1599069
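
A check that can be run against the report's data, as an added example that is not part of the original bug report: it classifies each pam_env.conf entry as set, clear or unset and compares that intent with saved `env` output from the session. The classification rule is an assumption taken from the three sample lines in the report, and `audit_pam_env` and `run_page_sample` are hypothetical names.

```shell
# Added example: compare what a pam_env.conf-style file asks for with the
# environment actually observed in the target session.
# audit_pam_env CONF ENVDUMP   (ENVDUMP = saved `env` output of that session)
# Prints "NAME intent status" per entry; returns 1 if any entry failed.
audit_pam_env() {
    awk '
    FILENAME == ARGV[1] {
        if ($0 ~ /^[ \t]*(#|$)/) next          # skip comments and blank lines
        name = $1; rest = $0; sub(/^[ \t]*[^ \t]+/, "", rest)
        # Rule assumed from the three sample lines in the report:
        if (rest ~ /(DEFAULT|OVERRIDE)=("[^"]|[^" \t])/) intent[name] = "set"
        else if (rest ~ /(DEFAULT|OVERRIDE)=""/) intent[name] = "clear"
        else intent[name] = "unset"
        order[++n] = name; next
    }
    {   # ENVDUMP: split each line at the first "="
        eq = index($0, "=")
        if (eq > 1) { k = substr($0, 1, eq - 1); seen[k] = 1; val[k] = substr($0, eq + 1) }
    }
    END {
        for (i = 1; i <= n; i++) {
            v = order[i]; ok = 0
            if (intent[v] == "set")   ok = (v in seen) && val[v] != ""
            if (intent[v] == "clear") ok = (v in seen) && val[v] == ""
            if (intent[v] == "unset") ok = !(v in seen)
            if (!ok) bad = 1
            print v, intent[v], (ok ? "ok" : "FAIL")
        }
        exit bad + 0
    }' "$1" "$2"
}

# The report's own data: config from step 1, `env` output from step 2.
run_page_sample() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/pam_env.conf" <<'EOF'
TEST__SET_ME DEFAULT="value set successfully"
TEST__CLEAR_ME DEFAULT="" OVERRIDE=""
TEST__UNSET_ME DEFAULT=   OVERRIDE=
EOF
    cat > "$dir/env.out" <<'EOF'
TEST__UNSET_ME=variable still set
TEST__SET_ME=value set successfully
TEST__CLEAR_ME=
EOF
    rc=0; audit_pam_env "$dir/pam_env.conf" "$dir/env.out" || rc=$?
    rm -rf "$dir"; return "$rc"
}

run_page_sample || echo "at least one pam_env.conf entry did not take effect"
```

To check a live system, save the output of the report's `su --command env` step to a file and pass it as the second argument.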
