group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #26223
[Bug 1782152] Re: GDM blocks SIGUSR1 used in PAM scripts
This bug was fixed in the package gdm3 - 3.28.3-0ubuntu18.04.1
---------------
gdm3 (3.28.3-0ubuntu18.04.1) bionic; urgency=medium
[ Iain Lane ]
* New upstream release 3.28.3 (LP: #1786933):
- CVE-2018-14424 - double free fix
+ 0001-display-store-Pass-the-display-object-rather-than-th.patch: Drop.
- lifecycle fixes to libgdm/GdmClient
- follow up fixes dealing with login screen reaping form last release
- allow pam modules to use SIGUSR1 (LP: #1782152)
- set PWD for user session
- tell cirrus not to use wayland
* Drop backported patches included in this release:
- libgdm-drop-support-for-serializing-multiple-opens.patch
- libgdm-fix-pointer-boolean-task-confusion.patch
- libgdm-don-t-keep-manager-proxy-around-longer-than-we-nee.patch
- libgdm-use-g_object_unref-instead-of-g_clear_object-for-w.patch
- libgdm-get-connection-explicitly.patch
- libgdm-Drop-weak-refs-on-the-GDBusConnection.patch
- libgdm-Unref-the-manager-propagated-from-task.patch
- libgdm-Don-t-double-ref-the-connection-got-from-task.patch
- libgdm-Don-t-leak-connection-on-sync-re-authentication.patch
- libgdm-Use-auto-pointers-and-cleanup-code.patch
- libgdb-Try-to-reuse-connections-from-the-available-proxie.patch
- libgdm-Don-t-save-manager-address.patch
- libgdm-Return-NULL-on-invalid-client-instances.patch
- daemon-gdm-session-record.c-open-close-the-utmp-database.patch
[ Alberto Milone ]
* ubuntu_nvidia_prime.patch:
- Run scripts for Prime before and after Gdm sessions (LP: #1778011).
-- Iain Lane <iain.lane@xxxxxxxxxxxxx> Fri, 17 Aug 2018 16:53:31 +0100
** Changed in: gdm3 (Ubuntu Bionic)
Status: Fix Committed => Fix Released
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-14424
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1782152
Title:
GDM blocks SIGUSR1 used in PAM scripts
Status in gdm3 package in Ubuntu:
Fix Released
Status in gdm3 source package in Xenial:
Fix Released
Status in gdm3 source package in Bionic:
Fix Released
Status in gdm3 source package in Cosmic:
Fix Released
Status in gdm3 package in Debian:
Fix Released
Bug description:
https://gitlab.gnome.org/GNOME/gdm/issues/399
[Impact]
GDM blocks SIGUSR1 for it's processes, since this is used in communication with X. This signal is later unblocked, however it happens after PAM
interaction, so if PAM depends on this signal in any way it will get blocked.
The issue has been fixed upstream.
[Test Case]
1. Prepare a setup described in Other Info using the attached scripts.
2. Log in.
3. Check logs /tmp/auth.log.
Expected result: SIGUSR1 has been received.
Actual result: SIGUSR1 never reaches the process.
[Regression Potential]
If there were components depending on SIGUSR1 their behavior may change - features that were inactive before may be triggered.
[Other Info]
Original bug description:
In case of the following scenario:
1. PAM configured to run auth and session with pam_exec scripts synchronizing via SIGUSR1
2. Using GDM as the login manager causes SIGUSR1 never reaches the target scripts.
Workaround:
a) Use SIGUSR2 in the scripts.
b) Comment out block_sigusr1() call in daemon/main.c.
To reproduce add the following entries:
/etc/pam.d/common-auth:
auth optional pam_exec.so log=/tmp/auth.log expose_authtok quiet /usr/local/bin/auth.py
/etc/pam.d/common-session:
session optional pam_exec.so log=/tmp/session.log /usr/local/bin/session.py
Attaching example scripts.
When using SIGUSR1 - sigusr1_handler is never called, with SIGUSR2 it is called without issues.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gdm3/+bug/1782152/+subscriptions