Bug#905277: gdm3: GDM blocks SIGUSR1 from being used by PAM scripts
Dariusz Gadomski
dariusz.gadomski at canonical.com
Thu Aug 2 14:37:39 BST 2018
Package: gdm3
Version: 3.28.2-3
Severity: normal
Tags: patch
User: ubuntu-devel at lists.ubuntu.com
Usertags: origin-ubuntu cosmic ubuntu-patch
Dear Maintainer,
In case of the following scenario:
1. PAM configured to run auth and session with pam_exec scripts synchronizing
via SIGUSR1
2. Using GDM as the login manager causes SIGUSR1 never reaches the target
scripts.
Workaround:
Use SIGUSR2 in the scripts.
Comment out block_sigusr1() call in daemon/main.c.
In Ubuntu, the attached patch was applied to unblock SIGUSR1 before PAM comes
to action.
* Unblock SIGUSR1 before PAM. (LP: #1782152)
This issue has been fixed upstream:
https://gitlab.gnome.org/GNOME/gdm/issues/399
Thanks for considering the patch.
Dariusz Gadomski
-- System Information:
Debian Release: buster/sid
APT prefers bionic-updates
APT policy: (500, 'bionic-updates'), (500, 'bionic-security'), (500, 'bionic'), (100, 'bionic-backports')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.15.0-29-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) (ignored: LC_ALL set to en_US.UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
-------------- next part --------------
diff -Nru gdm3-3.28.2/debian/control gdm3-3.28.2/debian/control
--- gdm3-3.28.2/debian/control 2018-06-13 13:56:13.000000000 +0200
+++ gdm3-3.28.2/debian/control 2018-07-23 10:58:27.000000000 +0200
@@ -5,8 +5,7 @@
Source: gdm3
Section: gnome
Priority: optional
-Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
-XSBC-Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
+Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
Uploaders: Iain Lane <laney at debian.org>, Jeremy Bicha <jbicha at debian.org>, Laurent Bigonville <bigon at debian.org>, Michael Biebl <biebl at debian.org>, Tim Lunn <tim at feathertop.org>
Build-Depends: gnome-pkg-tools (>= 0.16.3),
debhelper (>= 10.3),
diff -Nru gdm3-3.28.2/debian/control.in gdm3-3.28.2/debian/control.in
--- gdm3-3.28.2/debian/control.in 2018-06-13 13:56:13.000000000 +0200
+++ gdm3-3.28.2/debian/control.in 2018-07-23 10:58:27.000000000 +0200
@@ -1,8 +1,7 @@
Source: gdm3
Section: gnome
Priority: optional
-Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
-XSBC-Original-Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
+Maintainer: Debian GNOME Maintainers <pkg-gnome-maintainers at lists.alioth.debian.org>
Uploaders: @GNOME_TEAM@
Build-Depends: gnome-pkg-tools (>= 0.16.3),
debhelper (>= 10.3),
diff -Nru gdm3-3.28.2/debian/patches/series gdm3-3.28.2/debian/patches/series
--- gdm3-3.28.2/debian/patches/series 2018-06-13 13:56:13.000000000 +0200
+++ gdm3-3.28.2/debian/patches/series 2018-07-23 10:58:27.000000000 +0200
@@ -25,3 +25,4 @@
ubuntu_config_error_dialog.patch
ubuntu_dont_set_language_env.patch
ubuntu_prefer_ubuntu_session_fallback.patch
+unblock-sigusr1.patch
diff -Nru gdm3-3.28.2/debian/patches/unblock-sigusr1.patch gdm3-3.28.2/debian/patches/unblock-sigusr1.patch
--- gdm3-3.28.2/debian/patches/unblock-sigusr1.patch 1970-01-01 01:00:00.000000000 +0100
+++ gdm3-3.28.2/debian/patches/unblock-sigusr1.patch 2018-07-23 10:58:27.000000000 +0200
@@ -0,0 +1,71 @@
+Description: session-worker: unblock SIGUSR1 before PAM
+ Right now we unblock SIGUSR1 just before starting
+ the session, but we should really do it before
+ starting the worker/PAM.
+
+ This commit fixes that and removes a useless call
+ to set SIGUSR1 back to the default disposition,
+ right before exec (which does the same thing anyway)
+ .
+ gdm3 (3.28.2-3ubuntu2) cosmic; urgency=medium
+ .
+ * Unblock SIGUSR1 before PAM. (LP: #1782152)
+
+Origin: upstream, https://gitlab.gnome.org/GNOME/gdm/commit/b0d1ca9ebf605abb63b95ef73d56d56a1109002e
+Bug: https://gitlab.gnome.org/GNOME/gdm/issues/399
+Bug-Ubuntu: https://gitlab.gnome.org/GNOME/gdm/issues/399
+Last-Update: 2018-07-23
+
+--- gdm3-3.28.2.orig/daemon/gdm-session-worker-job.c
++++ gdm3-3.28.2/daemon/gdm-session-worker-job.c
+@@ -117,12 +117,19 @@ session_worker_job_setup_journal_fds (vo
+ static void
+ session_worker_job_child_setup (GdmSessionWorkerJob *session_worker_job)
+ {
++ sigset_t mask;
+ session_worker_job_setup_journal_fds ();
+
+ /* Terminate the process when the parent dies */
+ #ifdef HAVE_SYS_PRCTL_H
+ prctl (PR_SET_PDEATHSIG, SIGTERM);
+ #endif
++ /*
++ * Reset signal mask to default since it was altered by the
++ * manager process
++ */
++ sigemptyset (&mask);
++ sigprocmask (SIG_SETMASK, &mask, NULL);
+ }
+
+ static void
+--- gdm3-3.28.2.orig/daemon/gdm-session-worker.c
++++ gdm3-3.28.2/daemon/gdm-session-worker.c
+@@ -2025,8 +2025,6 @@ gdm_session_worker_start_session (GdmSes
+ char *home_dir;
+ int stdin_fd = -1, stdout_fd = -1, stderr_fd = -1;
+ gboolean has_journald = FALSE, needs_controlling_terminal = FALSE;
+- sigset_t mask;
+-
+ /* Leak the TTY into the session as stdin so that it stays open
+ * without any races. */
+ if (worker->priv->session_tty_fd > 0) {
+@@ -2147,19 +2145,6 @@ gdm_session_worker_start_session (GdmSes
+ */
+ signal (SIGPIPE, SIG_DFL);
+
+- /*
+- * Reset SIGUSR1 to default since it was blocked by the manager
+- * process for the X server startup handshake
+- */
+- signal (SIGUSR1, SIG_DFL);
+-
+- /*
+- * Reset signal mask to default since it was altered by the
+- * manager process
+- */
+- sigemptyset (&mask);
+- sigprocmask (SIG_SETMASK, &mask, NULL);
+-
+ gdm_session_execute (worker->priv->arguments[0],
+ worker->priv->arguments,
+ (char **)
More information about the pkg-gnome-maintainers
mailing list