sudo + pam_lastlog causes user to appear logged out in logs.
Hi, this was originally reported on ports@. [1] Someone noticed that
after after running sudo their session disappeared when running `w`
afterwards. I've done a little experimenting and this is caused when
pam_lastlog.so is included in sudo's pam file. This results in the user
still being logged in though according to the system logs the user has
logged out. Here's an example:
[tom@releng-7-fbsd tom]$ w
12:50AM up 6 days, 12:30, 2 users, load averages: 0.24, 0.31, 0.30
USER TTY FROM LOGIN@ IDLE WHAT
tom p0 bofh 12:50AM - w
[tom@releng-7-fbsd tom]$ last
tom ttyp0 bofh Mon Jul 23 00:50 still logged in
....
[tom@releng-7-fbsd tom]$ sudo kill
....
[tom@releng-7-fbsd tom]$ w
12:53AM up 6 days, 12:34, 1 user, load averages: 0.17, 0.22, 0.25
USER TTY FROM LOGIN@ IDLE WHAT
[tom@releng-7-fbsd tom]$ last
root ttyp0 Mon Jul 23 00:53 - 00:53 (00:00)
tom ttyp0 bofh Mon Jul 23 00:50 - 00:53 (00:03)
I can confirm this on -CURRENT and -STABLE. I tested on a CentOS 5.0
box and their pam_lastlog does not cause this with sudo so it appears to
be an issue specific to ours. Can someone take a look into this? Also,
is there any way sudo can work around this? Right now I've commented
out the session line in the pam file that is installed by the port so
most users will not be affected. Thanks.
[1] http://lists.freebsd.org/pipermail/freebsd-ports/2007-July/042746.html
tom
--
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 1 之 2 篇):