#13: pam_env: Unterminated expandable variable raises a critical error
------------------------+------------------------------
Reporter: moritasho | Owner: pam-developers@…
Type: defect | Status: new
Priority: major | Component: modules
Version: | Keywords:
Blocked By: | Blocking:
------------------------+------------------------------
This is originated from Bug#699805 in Debian BTS
http://bugs.debian.org
/cgi-bin/bugreport.cgi?bug=699805, and I'm forwarded here.
Hi,
When pam_env founds an unterminated expandable variable while parsing a
conffile, it makes a critical error. It results any login to be rejected.
To reproduce the problem, put the following line into
/etc/security/pam_env.conf
{{{
FOO DEFAULT="${VAR"
}}}
Any login will fail and the following error message will be logged to
syslog:
{{{
pam_env(login:session): Unterminated expandable variable: <${VAR>
Critical error - immediate abort
}}}
The error message is came from modules/pam_env/pam_env.c:
{{{
static int _expand_arg(pam_handle_t *pamh, char **value)
{
[...]
D(("Unterminated expandable variable: <%s>", orig-2));
pam_syslog(pamh, LOG_ERR,
"Unterminated expandable variable: <%s>",
orig-2);
return PAM_ABORT;
}}}
When this function found an unterminated expandable variable, it returns
PAM_ABORT, and it will raises a critical error. I think unterminated
expandable variable is a small error, not so critical.
I suggest to change the function to return BAD_LINE instead of PAM_ABORT.
Regards,
--
Ticket URL: <
https://fedorahosted.org/linux-pam/ticket/13>
linux-pam <
http://fedorahosted.org/linux-pam>
The Linux-PAM (Pluggable Authentication Modules) project