Hello,
I'm using Linux-Pam 0.77. Currently I'm writing a xlock-like
application, so I read the "Application Developers' Guide" and
tried the check_user example program. Surprisingly it always failed
when executed as user, but worked as root.
Because version 0.76 worked, I refered to the ChangeLog:
* pam_unix and pam_pwdb: by default turn off the SIGCHLD handler while
running the helper binary (patch from Nalin) added the "noreap"
module argument to both of these modules to turn off this new
default.
It seems that passing SIG_IGN to SIGCHLD in
modules/pam_unix/support.c line 456 prevents invoking the
helper binary from working - strace cut-out:
open("/etc/shadow", O_RDONLY) = -1 EACCES (Permission denied)
geteuid32() = 1000
pipe([4, 5]) = 0
rt_sigaction(SIGCHLD, {SIG_IGN}, {SIG_DFL}, 8) = 0
fork() = 1221
write(5, "nullok\0\0", 8) = 8
write(5, "******\0", 7) = 7
close(4) = 0
close(5) = 0
wait4(1221, 0xbffff71c, 0, NULL) = -1 ECHILD (No child processes)
Couldn't configure detect weather this feature works on the
target machine and depending on the result enable or disable "noreap"
by default?
--
sorry for my bad English,
Johannes WeiÃl
_______________________________________________
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
