Public bug reported:
To reproduce the bug:
In `/etc/pam.d/common-auth`, add the following line after successful
authentication:
```
auth optional pam_exec.so /usr/local/bin/log-wtmp.sh
```
Create the file `/usr/local/bin/log-wtmp.sh` (as below) with permission 755;
create the empty log file `/tmp/wtmp.log` with permission 666.
```
#!/bin/bash
date --iso-8601=seconds >>/tmp/wtmp.log
id >>/tmp/wtmp.log
/usr/local/bin/log-wtmp
```
Create the program `/usr/local/bin/log-wtmp` with the SUID bit set; it can
touch `/var/log/wtmp` (or do any logging with root privilege).
The buggy behaviour:
No matter whether `seteuid` is set: during a session login, appending to
`/tmp/wtmp.log` fails, but `/usr/local/bin/log-wtmp` succeeds; during a session
unlock, appending to `/tmp/wtmp.log` succeeds, but `/usr/local/bin/log-wtmp`
fails.
This happens on at least the latest Ubuntu 22.04 (presumably on Ubuntu
24 as well).
Somehow, the SUID escalation will also fail.
** Affects: pam (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/2125907
Title:
pam_exec.so : inconsistent privilege between login and session unlock
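An added diagnostic, not part of the original report: a `pam_exec` script that records which PAM service and call type ran it, the real/effective/saved UIDs, and the `no_new_privs` flag (when that flag is set, the kernel ignores SUID bits on exec), so login and unlock runs can be compared line by line. The function names and the sample status excerpt are constructed for this example; `PAM_TYPE`, `PAM_SERVICE` and `PAM_USER` are the environment variables `pam_exec` exports.

```shell
#!/bin/sh
# Added diagnostic, not from the bug report. Function names are hypothetical.
# Meant to be run by pam_exec in place of the plain `id` logging.

LOG="${LOG:-/tmp/wtmp.log}"   # same log file the report uses

# status_field FILE KEY: print the values after "KEY:" in a
# /proc/<pid>/status-style file, whitespace-normalised.
status_field() {
    awk -v k="$2:" '$1 == k { $1 = ""; sub(/^ +/, ""); print; exit }' "$1"
}

# priv_record [STATUS_FILE]: one key=value line describing the PAM call and
# the process credentials. Children inherit the uids and no_new_privs, so
# awk reading /proc/self/status reports the same state as this shell.
priv_record() {
    f="${1:-/proc/self/status}"
    uids=$(status_field "$f" Uid)        # real effective saved filesystem
    nnp=$(status_field "$f" NoNewPrivs)
    set -- $uids
    printf 'type=%s service=%s user=%s ruid=%s euid=%s suid=%s no_new_privs=%s\n' \
        "${PAM_TYPE:-?}" "${PAM_SERVICE:-?}" "${PAM_USER:-?}" \
        "${1:-?}" "${2:-?}" "${3:-?}" "${nnp:-?}"
}

# sample_status: constructed /proc/<pid>/status excerpt for offline checks.
sample_status() {
    printf 'Name:\tsh\nUid:\t1000\t1000\t1000\t1000\n'
    printf 'Gid:\t1000\t1000\t1000\t1000\nNoNewPrivs:\t1\n'
}

# Only write to the log when actually invoked by pam_exec (PAM_TYPE is set).
if [ -n "${PAM_TYPE:-}" ]; then
    printf '%s %s\n' "$(date --iso-8601=seconds)" "$(priv_record)" >>"$LOG"
fi
```

Comparing the `service=` and `ruid=`/`euid=` fields between a login entry and an unlock entry shows which process ran the PAM stack in each case.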