#13: pam_env: Unterminated expandable variable raises a critical error ------------------------+------------------------------ Reporter: moritasho | Owner: pam-developers@… Type: defect | Status: new Priority: major | Component: modules Version: | Keywords: Blocked By: | Blocking: ------------------------+------------------------------ This is originated from Bug#699805 in Debian BTS http://bugs.debian.org /cgi-bin/bugreport.cgi?bug=699805, and I'm forwarded here. Hi, When pam_env founds an unterminated expandable variable while parsing a conffile, it makes a critical error. It results any login to be rejected. To reproduce the problem, put the following line into /etc/security/pam_env.conf {{{ FOO DEFAULT="${VAR" }}} Any login will fail and the following error message will be logged to syslog: {{{ pam_env(login:session): Unterminated expandable variable: <${VAR> Critical error - immediate abort }}} The error message is came from modules/pam_env/pam_env.c: {{{ static int _expand_arg(pam_handle_t *pamh, char **value) { [...] D(("Unterminated expandable variable: <%s>", orig-2)); pam_syslog(pamh, LOG_ERR, "Unterminated expandable variable: <%s>", orig-2); return PAM_ABORT; }}} When this function found an unterminated expandable variable, it returns PAM_ABORT, and it will raises a critical error. I think unterminated expandable variable is a small error, not so critical. I suggest to change the function to return BAD_LINE instead of PAM_ABORT. Regards, -- Ticket URL: <https://fedorahosted.org/linux-pam/ticket/13> linux-pam <http://fedorahosted.org/linux-pam> The Linux-PAM (Pluggable Authentication Modules) project