Package: at
Version: 3.1.10
Severity: normal
Tags: patch
When atd is about to send a mail, it opens the jobfile and
expects open() to return file descriptor 0.
This is usually fine, as atd closes all files.
Unfortunately, pam may then get this file descriptor.
I have indeed seen the open()ing of the jobfile returning
file descriptor 1 with strace.
atd will then exit without sending the mail.
With the default /etc/pam.d/atd this can e.g. be reproduced
by adding the line
auth optional pam_group.so
to /etc/pam.d/common-auth.
(pam will then log "couldn't get the tty name" - I wonder if
it should handle this without complaining...)
In this case a workaround is of course to change /etc/pam.d/atd
to not include common-auth.
Anyhow, pam's logging shouldn't prevent atd's mailing.
There may be a prefered way to close pam's file descriptors that
I don't know. A simple fix is to just unconditionally close
file descriptor 0 again.
All the best
Christian Sievers
-- System Information:
Debian Release: 4.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-4-686
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Versions of packages at depends on:
ii exim4-daemon-light [ma 4.63-17 lightweight exim MTA (v4) daemon
ii libc6 2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii libpam0g 0.79-4 Pluggable Authentication Modules l
ii lsb-base 3.1-23.2etch1 Linux Standard Base 3.1 init scrip
at recommends no packages.
-- no debconf information
*** patch
--- atd.c.orig 2007-11-28 16:18:43.000000000 +0100
+++ atd.c 2007-11-28 16:19:05.000000000 +0100
@@ -459,6 +459,7 @@ run_file(const char *filename, uid_t uid
pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
retcode = pam_close_session(pamh, PAM_SILENT);
pam_end(pamh, retcode);
+ close(STDIN_FILENO);
PRIV_END
#endif
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
