[Pkg-shadow-devel] Bug#412061: login: su ends PAM session in subshell

Steve Langasek vorlon at debian.org
Sun Feb 25 09:30:34 CET 2007


Commenting on this bug at Christian's request.

I'm not convinced that pam_krb5's behavior is really correct here; but even
so, I think it's ok to drop the call to pam_end() from the child process.

There are two relevant categories of clean-up that are going to be done in a
call to pam_end:

- freeing up of in-memory structures that are no longer used
- other stuff

Since the parent and child processes are identical immediately after the
fork except for their process ID and the fact that they don't share memory,
the parent's pam_end() call will take care of everything in the "other
stuff" category.  And as for memory, there's an execve() two lines later, so
who cares?

So yeah, dropping the pam_end() from the child seems perfectly safe.

Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/

More information about the Pkg-shadow-devel mailing list