Re: [Patch] Make pam_mail work with root_squash

[Steve Langasek <vorlon debian org>]

Hi David,

On Wed, Oct 03, 2007 at 08:53:38PM -0400, David Bartley wrote:
> My apologies, the previous mail was missing the subject.

> If you have nfs-mounted maildir's with root_squash enabled, pam_mail will
> not work, in the sense that it always displays 'No mail' regardless of
> whether or not you actually have mail. This is because pam_mail scans the
> maildir directory as root, and root_squash then denies pam_mail access to
> the maildirs. I've included a patch that calls seteuid to switch to the
> user being logged in, scans the maildir, and reverts to the previous
> effective uid.

> I have deployed a patched pam_mail to a few machines and have not noticed
> any problems.

Given that nowhere is there a spec that requires PAM applications to assume
particular privileges before calling into pam_open_session(), this patch
carries some risk of inadvertently dropping privileges that it shouldn't.
C.f. the uid-changing code in pam_unix for more (scary) details.

Also, on recent Linux systems setfsuid() is a simpler way to handle NFS root
squash.  C.f. pam_rhosts and pam_xauth for examples of this.

I think the best option here is to use setfsuid() if available, and fall
back to seteuid().

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon debian org                                   http://www.debian.org/