[Pkg-utopia-maintainers] Bug#996418: dbus-update-activation-environment: sets wrong PATH since March 2021
Thorsten Glaser
t.glaser at tarent.de
Wed Oct 13 21:57:48 BST 2021
reassign 996418 xrdp
found 996418 0.9.15-1
retitle 996418 xrdp-sesman: fails to initialise environment properly
severity 996418 important
thanks
On Wed, 13 Oct 2021, Thorsten Glaser wrote:
(full quote below for the xrdp maintainers)
> Hi, not sure which package is actually at fault here, but here we go.
> Please reassign (and notify the target package maintainers) as needed.
Having looked at /proc/*/environ for the bogus string it seems to be
injected by xrdp-sesman. Comparing its PAM configuration to that of
su, kdm, etc. I found something obvious lacking (pam_env, which even
"man environment" on Debian points out is the thing loading it). And
the xrdp-sesman start script goes to larger pain to load the locale
(which I wrote probably preciely because this was missing); note I
did not and still do not know anything about PAM except roughly that
it exists ;-)
I just locally tested the following patch (fix this in the PAM config,
drop the locale-loading workaround), and it fixed my PATH for me:
--- a/debian/startwm.sh
+++ b/debian/startwm.sh
@@ -2,26 +2,6 @@
# xrdp X session start script (c) 2015, 2017 mirabilos
# published under The MirOS Licence
-if test -r /etc/default/locale; then
- . /etc/default/locale
- test -z "${LANG+x}" || export LANG
- test -z "${LANGUAGE+x}" || export LANGUAGE
- test -z "${LC_ADDRESS+x}" || export LC_ADDRESS
- test -z "${LC_ALL+x}" || export LC_ALL
- test -z "${LC_COLLATE+x}" || export LC_COLLATE
- test -z "${LC_CTYPE+x}" || export LC_CTYPE
- test -z "${LC_IDENTIFICATION+x}" || export LC_IDENTIFICATION
- test -z "${LC_MEASUREMENT+x}" || export LC_MEASUREMENT
- test -z "${LC_MESSAGES+x}" || export LC_MESSAGES
- test -z "${LC_MONETARY+x}" || export LC_MONETARY
- test -z "${LC_NAME+x}" || export LC_NAME
- test -z "${LC_NUMERIC+x}" || export LC_NUMERIC
- test -z "${LC_PAPER+x}" || export LC_PAPER
- test -z "${LC_TELEPHONE+x}" || export LC_TELEPHONE
- test -z "${LC_TIME+x}" || export LC_TIME
- test -z "${LOCPATH+x}" || export LOCPATH
-fi
-
if test -r /etc/profile; then
. /etc/profile
fi
--- a/instfiles/pam.d/xrdp-sesman.debian
+++ b/instfiles/pam.d/xrdp-sesman.debian
@@ -1,4 +1,6 @@
#%PAM-1.0
+auth required pam_env.so readenv=1
+auth required pam_env.so readenv=1 envfile=/etc/default/locale
@include common-auth
@include common-account
@include common-session
Therefore, reassigning to xrdp (and pushing the fix to its packaging
repository). @xrdp team: this is one I think, after review/testing,
we might with to even fix in stable.
> This machine used to be an unstable machine but some time before the
> release I switched it to bullseye. The date range in question (February
> to March 2021) are when it still was on sid.
>
> I have not yet noticed this because it only affects one command. The
> problem is that it picked up the "wrong" version of the command, the
> one from /usr/bin instead of the one from /usr/local/bin.
>
> This machine is a regular desktop but also has xrdp+xorgxrdp installed
> so I can use it while working remotely. The xrdp sessions log to
> ~/.xsession-errors which is where I could spot the first possible cause
> for this error.
>
> My ~/.xsession-errors contains, with some information snipped for
> legibility:
>
> -----cutting here may damage your screen surface-----
> ⇒ Feb 25 2021, 16:22:09+0100 (CET), 2021-W08-4 (Thu) ⇐
> Xsession: X session started for tglase at Thu Feb 25 16:22:09 CET 2021
> WARNING: tempfile is deprecated; consider using mktemp instead.
> localuser:tglase being added to access control list
> localuser:boinc being added to access control list
> dbus-update-activation-environment: systemd --user not found, ignoring --systemd argument
> […]
> dbus-update-activation-environment: setting PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
> […]
> Xsession: X session started for tglase at Fri Mar 12 19:11:35 CET 2021
> WARNING: tempfile is deprecated; consider using mktemp instead.
> localuser:tglase being added to access control list
> localuser:boinc being added to access control list
> X Error of failed request: BadMatch (invalid parameter attributes)
> Major opcode of failed request: 140 (RANDR)
> […]
> dbus-update-activation-environment: setting PATH=/sbin:/bin:/usr/bin:/usr/local/bin
> […]
> -----cutting here may damage your screen surface-----
>
> From the top, these are:
>
> - one line from my ~/.profile
> - 5 + 1 lines from the session start
> - 6 + 1 lines from the start of the next session
>
> The lower session is definitely xrdp+xorgxrdp, as one of the xset
> calls from ~/.xsessionrc failed. The first call may very well be
> from kdm. These are the two oldest entries in that file.
>
> There are *three* different PATH values set, apparently:
>
> tglase at tglase:~ $ fgrep 'setting PATH=' .xsession-errors | sort | uniq -c
> 1 dbus-update-activation-environment: setting PATH=/home/tglase/.etc/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
> 27 dbus-update-activation-environment: setting PATH=/sbin:/bin:/usr/bin:/usr/local/bin
> 1 dbus-update-activation-environment: setting PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games
>
> The middle one is the one causing me trouble.
>
> The first and the last one are okay and differ only by the first one
> having one entry prepended, which my shell startup file (not .profile
> but the actual interactive(!) shell startup file) sets. This was one
> session in June I have no idea how I started it, looks like Xorg, not
> xrdp+xorgxrdp though. (Normally, when starting services (such as a
> login manager) I use a wrapper script around /etc/init.d/* that clears
> all environment variables.)
>
> So the questions are, (a) where does this bad environment variable
> come from, and (b) why is it also set in my user X session, when
> dbus-update-activation-environment runs as a separate thing, although
> in the X session start process?
>
> I would have expected a user X11 session to use this:
> /etc/environment:PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games"
>
> Instead we're getting a PATH set that nowhere even is configured:
>
> $ sudo fgrep -r /sbin:/bin:/usr/bin:/usr/local/bin /etc
> /etc/init.d/edac:PATH=/sbin:/usr/sbin:/usr/local/sbin:/bin:/usr/bin:/usr/local/bin
>
> Specifically, the presence of /sbin without /usr/sbin in the "bad"
> PATH causes questions; as far as I know, this is not used anywhere
> in Debian like that: either you get both sbins (admin account) or
> (almost everywhere) neither, but not just one of them.
>
> -- System Information:
> Debian Release: 11.1
> APT prefers stable-updates
> APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'oldstable-updates'), (500, 'oldoldstable'), (500, 'stable'), (500, 'oldstable')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 5.10.0-9-amd64 (SMP w/4 CPU threads)
> Kernel taint flags: TAINT_FIRMWARE_WORKAROUND
> Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
> Shell: /bin/sh linked to /bin/lksh
> Init: sysvinit (via /sbin/init)
>
> Versions of packages dbus-x11 depends on:
> ii dbus 1.12.20-2
> ii libc6 2.31-13+deb11u2
> ii libdbus-1-3 1.12.20-2
> ii libx11-6 2:1.7.2-1
>
> dbus-x11 recommends no packages.
>
> dbus-x11 suggests no packages.
>
> -- no debconf information
>
bye,
//mirabilos
--
Infrastrukturexperte • tarent solutions GmbH
Am Dickobskreuz 10, D-53121 Bonn • http://www.tarent.de/
Telephon +49 228 54881-393 • Fax: +49 228 54881-235
HRB AG Bonn 5168 • USt-ID (VAT): DE122264941
Geschäftsführer: Dr. Stefan Barth, Kai Ebenrett, Boris Esser, Alexander Steeg
****************************************************
/⁀\ The UTF-8 Ribbon
╲ ╱ Campaign against Mit dem tarent-Newsletter nichts mehr verpassen:
╳ HTML eMail! Also, https://www.tarent.de/newsletter
╱ ╲ header encryption!
****************************************************
More information about the Pkg-utopia-maintainers
mailing list