
Re: Potato "testing"



>>>>> "David" == David Huggins-Daines <dhd@eradicator.org> writes:

    David> But it doesn't actually work, as Ben found out.

Actually, the reason it doesn't work is because our su is somewhat
broken -- it merely execv()s the shell, whereas for proper PAM
support, it should do what Red Hat's su does and:

1) call pam_open_session
2) fork off shell (after setting proper signal handlers)
3) call pam_close_session when child returns

Unless ours does that, any PAM module that does things based
on the session won't work for su.

I was working today on changing our su to do this, but the su we use
(from the shadow package) really, REALLY sucks. It's impossible to
follow. GNU's su is much cleaner and easier to read.

It'll take me some time to fix it up.

    David> What's *really* happening on Red Hat is that gdm sets the
    David> XAUTHORITY variable before launching the session.  See
    David> gdm_slave_start() in daemon/slave.c in the gdm-2.0 source.

    David> gdm is so amazingly superior to xdm, I wonder why it is not
    David> installed with the task-gnome-desktop package.

That's probably a good question. :)

Ben

-- 
Brought to you by the letters H and A and the number 18.
"More testicles means more iron."
Debian GNU/Linux maintainer of Gimp and GTK+ -- http://www.debian.org/
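
The open/fork/close sequence listed in the message above, as an added example that is not part of the original post and is not code from shadow's, GNU's or Red Hat's su. It assumes two hypothetical hooks (session_hook, demo_open, demo_close) standing in for pam_open_session() and pam_close_session() on a live PAM handle, so the control flow can be run without a PAM stack. The point it shows is that the parent must stay alive and wait: a su that only calls execv() no longer exists to run step 3.

```c
/* Added example, not shadow's or Red Hat's su. The two hooks are hypothetical
 * stand-ins for pam_open_session()/pam_close_session() on a live PAM handle. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

struct session_log { int deny, opened, closed; };   /* constructed demo state */
typedef int (*session_hook)(void *ctx);             /* returns 0 on success */

int demo_open(void *c)  { struct session_log *s = c; if (s->deny) return -1; s->opened++; return 0; }
int demo_close(void *c) { struct session_log *s = c; s->closed++; return 0; }

/* Returns the child's exit status, 128+signal if it was killed, -1 on failure. */
int run_in_session(session_hook open_s, session_hook close_s, void *ctx,
                   char *const argv[])
{
    struct sigaction ign, old_int, old_quit;
    int status = 0, rc = -1;
    pid_t pid, w;

    if (open_s(ctx) != 0)                    /* 1) open the session */
        return -1;
    /* The parent must outlive ^C and ^\ aimed at the shell, or step 3 is lost. */
    ign.sa_handler = SIG_IGN;
    ign.sa_flags = 0;
    sigemptyset(&ign.sa_mask);
    sigaction(SIGINT, &ign, &old_int);
    sigaction(SIGQUIT, &ign, &old_quit);

    pid = fork();                            /* 2) fork off the shell */
    if (pid == 0) {
        sigaction(SIGINT, &old_int, NULL);   /* child gets the original handlers */
        sigaction(SIGQUIT, &old_quit, NULL);
        execv(argv[0], argv);
        _exit(127);                          /* exec failed */
    }
    if (pid > 0) {
        do { w = waitpid(pid, &status, 0); } while (w < 0 && errno == EINTR);
        if (w == pid)
            rc = WIFEXITED(status) ? WEXITSTATUS(status) : 128 + WTERMSIG(status);
    }
    sigaction(SIGINT, &old_int, NULL);
    sigaction(SIGQUIT, &old_quit, NULL);
    close_s(ctx);                            /* 3) close once the child returns */
    return rc;
}
```

The close hook runs on every path after a successful open, including a failed fork or exec, so a session-based module is never left with a dangling session.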

