[Bug 555136] New: cryptsetup prints "command successful" message to stderr breaking pam_mount and possibly sudo
http://bugzilla.novell.com/show_bug.cgi?id=555136 Summary: cryptsetup prints "command successful" message to stderr breaking pam_mount and possibly sudo Classification: openSUSE Product: openSUSE 11.2 Version: Final Platform: x86-64 OS/Version: openSUSE 11.2 Status: NEW Severity: Major Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: bugreports@tittel.net QAContact: qa@suse.de Found By: --- User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.4) Gecko/20091016 SUSE/3.5.4-1.1.2 Firefox/3.5.4 The cryptsetup version shipped with openSUSE 11.2 prints "Command successful." to stderr, if the command succeeded. If pam_mount is used to transparently decrypt a LUKS volume (using cryptsetup), pam_mount will complain after login with: pam_mount(mount.c:67): Errors from underlying mount program: pam_mount(mount.c:71): Command successful. Unfortunately this can easily result in programs dealing with PAM/user authentication believing that the process was not successful (even though it was). Most notably when pam_mount is activated, sudo will just give this (no matter if tried as root or tittel and no matter which command is used): tittel@earth:~$ sudo ls root's password: Segmentation fault I believe it is most likely that the stderr problem of cryptsetup is causing sudo to segfault. In bug 544154 another user reported something similiar. However it is theoretically possible that it is problem between pam_mount and sudo unrelated to the stderr issue of cryptsetup. There seems to be a patch to make cryptsetup behave: http://code.google.com/p/cryptsetup/issues/detail?id=35 Also the maintainer of pam_mount seems to be aware of the issue: http://sourceforge.net/tracker/index.php?func=detail&aid=2834188&group_id=41452&atid=430593 I would be happy to help narrowing down this problem, because whilst getting wrong error messasage on login is just a bit annoying, the total lack of a working sudo is a dealbreaker for me at the moment. Thanks in advance! Reproducible: Always -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555136
Michael Calmer
http://bugzilla.novell.com/show_bug.cgi?id=555136
User jengelh@medozas.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=555136#c1
Jan Engelhardt
http://bugzilla.novell.com/show_bug.cgi?id=555136
User lnussel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=555136#c2
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=555136
User mc@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=555136#c3
Michael Calmer
http://bugzilla.novell.com/show_bug.cgi?id=555136
Dirk Mueller
http://bugzilla.novell.com/show_bug.cgi?id=555136
User swamp@suse.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=555136#c4
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=555136
Dirk Mueller
http://bugzilla.novell.com/show_bug.cgi?id=555136
User jengelh@medozas.de added comment
http://bugzilla.novell.com/show_bug.cgi?id=555136#c5
Jan Engelhardt
http://bugzilla.novell.com/show_bug.cgi?id=555136
--- Comment #6 from Ludwig Nussel
From a cryptsetup perspective that's perfectly alright. From a pam_mount
http://bugzilla.novell.com/show_bug.cgi?id=555136#c7
--- Comment #7 from Stefan Tittel
http://bugzilla.novell.com/show_bug.cgi?id=555136#c8
--- Comment #8 from Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=555136#c9
--- Comment #9 from Jan Engelhardt
pam_mount(mount.c:67): Errors from underlying mount program: pam_mount(mount.c:71): Command failed: Device _dev_sda8 already exists. pam_mount(pam_mount.c:543): mount of /dev/disk/by-id ata-SAMSUNG_HD501LJ_S0MUJ13P727486-part8 failed
From a cryptsetup perspective that's perfectly alright. From a pam_mount perspective it would be much nicer if pam_mount could first check if the volume is already decrypted/mounted before invoking cryptsetup to do it again.
Surprise, that is exactly what it already does. You may want to enable debug in /etc/pam_mount.conf.xml. Regarding sudo, there was a pam_mount patch for one issue with sudo in pam_mount 1.30. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555136#c10
Ludwig Nussel
http://bugzilla.novell.com/show_bug.cgi?id=555136#c11
Christian Boltz
the sudo issue is handled in bug 555136.
Wrong bug number - you quoted the number of _this_ report... I guess you are talking about bug 544154 -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=555136
http://bugzilla.novell.com/show_bug.cgi?id=555136#c12
Christian Dengler
http://bugzilla.novell.com/show_bug.cgi?id=555136
http://bugzilla.novell.com/show_bug.cgi?id=555136#c13
--- Comment #13 from Stefan Tittel
http://bugzilla.novell.com/show_bug.cgi?id=555136
http://bugzilla.novell.com/show_bug.cgi?id=555136#c14
--- Comment #14 from Jan Engelhardt
http://bugzilla.novell.com/show_bug.cgi?id=555136
http://bugzilla.novell.com/show_bug.cgi?id=555136#c15
--- Comment #15 from Ludwig Nussel
participants (1)
-
bugzilla_noreply@novell.com