Package: libpam-modules
Version: 1.1.3-7.1
Severity: normal
Hi,
When pam_env founds an unterminated expandable variable while parsing a
conffile, it makes a critical error. It results any login to be rejected.
To reproduce the problem, put the following line into /etc/security/pam_env.conf
FOO DEFAULT="${VAR"
Any login will fail and the following error message will be logged to syslog:
pam_env(login:session): Unterminated expandable variable: <${VAR>
Critical error - immediate abort
The error message is came from modules/pam_env/pam_env.c:
static int _expand_arg(pam_handle_t *pamh, char **value)
{
[...]
D(("Unterminated expandable variable: <%s>", orig-2));
pam_syslog(pamh, LOG_ERR,
"Unterminated expandable variable: <%s>", orig-2);
return PAM_ABORT;
When this function found an unterminated expandable variable, it returns
PAM_ABORT, and it will raises a critical error. I think unterminated
expandable variable is a small error, not so critical.
I suggest to change the function to return BAD_LINE instead of PAM_ABORT.
Regards,
Morita Sho
-- System Information:
Debian Release: 7.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libpam-modules depends on:
ii debconf [debconf-2.0] 1.5.49
ii libc6 2.13-38
ii libdb5.1 5.1.29-5
ii libpam-modules-bin 1.1.3-7.1
ii libpam0g 1.1.3-7.1
ii libselinux1 2.1.9-5
libpam-modules recommends no packages.
libpam-modules suggests no packages.
-- debconf information:
libpam-modules/disable-screensaver:
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
