Bugzilla – Bug 855160
Spurious pam_systemd(sudo:session) message about non-existing environment entry XDG_RUNTIME_DIR
Last modified: 2017-01-17 12:23:13 UTC
Created attachment 571563
sudo -V

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0

When executing the command 'sudo zypper ps' or any other command related to sudo and su, the following message is logged through syslog:

[date] [hostname] sudo: pam_systemd(sudo:session): pam_putenv: delete non-existing entry; XDG_RUNTIME_DIR

The command is executed correctly.

Reproducible: Always

Steps to Reproduce:
1. sudo zypper ps

Actual Results:
Message
[date] [hostname] sudo: pam_systemd(sudo:session): pam_putenv: delete non-existing entry; XDG_RUNTIME_DIR
is logged to syslog

Expected Results:
No message is logged to syslog

Kernel: Linux 3.11.6-4-default #1 SMP
-> systemd bug
This problem is introduced with a patch 1012-pam_systemd_do_override_XDG_RUNTIME_DIR_of_the_original_user.patch I think best would be to add a check for both env and pam_env to check with getenv() and pam_getenv() whether variable XDG_RUNTIME_DIR is not empty and then remove. I mean in the following part of the patch: + } else { + (void) unsetenv("XDG_RUNTIME_DIR"); + r = pam_putenv(handle, "XDG_RUNTIME_DIR"); + if (r != PAM_SUCCESS && r != PAM_BAD_ITEM) { + pam_syslog(handle, LOG_ERR, "Failed to unset runtime dir."); + } Upstream is a bit different in this regard and does not contain the above.
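Review bot: The pam_putenv(handle, "XDG_RUNTIME_DIR") call in the else branch runs even when the variable is not in the PAM environment, and that unconditional delete is what produces the "pam_putenv: delete non-existing entry; XDG_RUNTIME_DIR" line from the report. The r != PAM_BAD_ITEM test only suppresses the module's own "Failed to unset runtime dir." error, not that message. Suggest making the delete conditional on pam_getenv(handle, "XDG_RUNTIME_DIR") != NULL, making sure r is not tested when the call is skipped, and adding pam_strerror(handle, r) to the LOG_ERR text so a real failure can be diagnosed.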
The problem is if XDG_RUNTIME_DIR is set then the upstream code does exactly nothing which leads to the fact that if xdg-su is called for e.g. pulseaudio then there will be a root owned directory below $XDG_RUNTIME_DIR which is the user and not root. If only pam_putenv() is used to remove the XDG_RUNTIME_DIR variable nothing happens and this is the reason *why* I have added unsetenv() to make sure that root does *never* use the user's $XDG_RUNTIME_DIR.
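The rule stated in this comment (a process must not keep an XDG_RUNTIME_DIR that belongs to another user), combined with the check-before-delete idea from the earlier comment, as an added C example. It is not the systemd patch or code from this bug, and the helper names runtime_dir_owned_by and drop_foreign_runtime_dir are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: 1 if path is a real directory (not a symlink)
 * owned by uid, 0 otherwise (including missing or empty path). */
static int runtime_dir_owned_by(const char *path, uid_t uid) {
    struct stat st;
    if (path == NULL || *path == '\0')
        return 0;
    if (lstat(path, &st) != 0)   /* lstat: do not follow a symlink */
        return 0;
    return S_ISDIR(st.st_mode) && st.st_uid == uid;
}

/* Hypothetical helper: remove XDG_RUNTIME_DIR from the process
 * environment when it does not belong to uid.
 * Returns 1 if the variable was removed, 0 if it was absent or kept. */
static int drop_foreign_runtime_dir(uid_t uid) {
    const char *dir = getenv("XDG_RUNTIME_DIR");
    if (dir == NULL)
        return 0;                /* nothing to delete, nothing to log */
    if (runtime_dir_owned_by(dir, uid))
        return 0;                /* the directory is ours, keep it */
    return unsetenv("XDG_RUNTIME_DIR") == 0;
}

int main(void) {
    int dropped = drop_foreign_runtime_dir(geteuid());
    const char *dir = getenv("XDG_RUNTIME_DIR");
    printf("dropped=%d XDG_RUNTIME_DIR=%s\n", dropped, dir ? dir : "(unset)");
    return 0;
}
```

Run under sudo with the caller's environment preserved, this reports dropped=1 when the variable still points at the invoking user's directory.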
To be consistent with the requirement Werner Finks describes and to avoid the error message, shouldn't the code be amended as follows? - (void) unsetenv("XDG_RUNTIME_DIR"); + if(getenv("XDG_RUNTIME_DIR") != NULL) { + (void) unsetenv("XDG_RUNTIME_DIR"); + }
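Review bot: The getenv() guard is on the wrong call: unsetenv() already succeeds silently when the variable is absent, while the reported syslog line is prefixed "pam_putenv:", so wrapping only unsetenv() leaves the message in place. Keep unsetenv() unconditional and guard the PAM-side delete instead, testing pam_getenv(handle, "XDG_RUNTIME_DIR") != NULL before calling pam_putenv(handle, "XDG_RUNTIME_DIR"). Style: write "if (" with a space after the keyword.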
(In reply to comment #4) > To be consistent with the requirement Werner Finks describes and to avoid the > error message, shouldn't the code be amended as follows? > > - (void) unsetenv("XDG_RUNTIME_DIR"); > > + if(getenv("XDG_RUNTIME_DIR") != NULL) { > + (void) unsetenv("XDG_RUNTIME_DIR"); > + } Yea, this is basically what I wrote, but since warning comes from pam_putenv(), it should be also covered with a similar check.
openSUSE-RU-2015:0823-1: An update that has two recommended fixes can now be installed.

Category: recommended (moderate)
Bug References: 855160,922536
CVE References:
Sources used:
openSUSE 13.1 (src): systemd-208-35.1, systemd-mini-208-35.1, systemd-rpm-macros-2-35.1
closing as fixed