[Pkg-shadow-devel] Bug#412061: login: su ends PAM session in
subshell
Steve Langasek
vorlon at debian.org
Sun Feb 25 09:30:34 CET 2007
Hi,
Commenting on this bug at Christian's request.
I'm not convinced that pam_krb5's behavior is really correct here; but even
so, I think it's ok to drop the call to pam_end() from the child process.
There are two relevant categories of clean-up that are going to be done in a
call to pam_end:
- freeing up of in-memory structures that are no longer used
- other stuff
Since the parent and child processes are identical immediately after the
fork except for their process ID and the fact that they don't share memory,
the parent's pam_end() call will take care of everything in the "other
stuff" category. And as for memory, there's an execve() two lines later, so
who cares?
So yeah, dropping the pam_end() from the child seems perfectly safe.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
More information about the Pkg-shadow-devel
mailing list