Ubuntu
ecryptfs-utils package

pam_ecryptfs generates junk syslog output

Bug #838471 reported by Steve Langasek on 2011-09-01

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	ecryptfs-utils (Ubuntu)	Fix Released	Low	Dustin Kirkland 	Ubuntu ubuntu-11.10-beta-2
	Oneiric	Fix Released	Low	Dustin Kirkland 	Ubuntu ubuntu-11.10-beta-2

Bug Description

I noticed while debugging an unrelated issue that pam_ecryptfs is outputting useless messages to syslog for every PAM authentication:

Aug 31 11:22:08 virgil gnome-screensaver-dialog: pam_sm_authenticate: Called
Aug 31 11:22:08 virgil gnome-screensaver-dialog: pam_sm_authenticate: username = [vorlon]
Aug 31 12:43:00 virgil gnome-screensaver-dialog: pam_sm_authenticate: Called
Aug 31 12:43:00 virgil gnome-screensaver-dialog: pam_sm_authenticate: username = [vorlon]
Aug 31 13:24:06 virgil sudo: pam_sm_authenticate: Called
Aug 31 13:24:06 virgil sudo: pam_sm_authenticate: username = [vorlon]
Aug 31 13:27:00 virgil sudo: pam_sm_authenticate: Called
Aug 31 13:27:00 virgil sudo: pam_sm_authenticate: username = [vorlon]

There's no reason for logging of messages like this in anything but a debug mode.

ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: ecryptfs-utils 90-0ubuntu1
ProcVersionSignature: Ubuntu 3.0.0-9.14-generic 3.0.3
Uname: Linux 3.0.0-9-generic x86_64
Architecture: amd64
Date: Wed Aug 31 17:21:05 2011
InstallationMedia: Ubuntu 10.04.1 LTS "Lucid Lynx" - Release amd64 (20100816.1)
ProcEnviron:
PATH=(custom, user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: ecryptfs-utils
UpgradeStatus: Upgraded to oneiric on 2011-06-27 (65 days ago)

Tags:

Related branches

lp:~ecryptfs/ecryptfs/oldtrunk (Merged)

lp:ubuntu/oneiric/ecryptfs-utils

Revision history for this message

Steve Langasek (vorlon) wrote on 2011-09-01:

Dependencies.txt Edit (827 bytes, text/plain; charset="utf-8")

Changed in ecryptfs-utils (Ubuntu):
status:	New → Triaged
importance:	Undecided → Low

Revision history for this message

Dustin Kirkland  (kirkland) wrote on 2011-09-01: Re: [Bug 838471] Re: pam_ecryptfs generates junk syslog output

Hmm, Steve, how can you tell that it's pam_ecryptfs doing this? Do I
just have some debug flag/value higher than it should be in
pam_ecryptfs?

Revision history for this message

Steve Langasek (vorlon) wrote on 2011-09-01:

On Thu, Sep 01, 2011 at 04:20:26PM -0000, Dustin Kirkland wrote:
> Hmm, Steve, how can you tell that it's pam_ecryptfs doing this?

A grep on all the modules I have installed for matching strings (and prior
knowledge that Linux-PAM's modules don't do such logging).

> Do I just have some debug flag/value higher than it should be in
> pam_ecryptfs?

The messages are being logged unconditionally at LOG_INFO level. I don't
think they should be logged at all unless debugging is somehow turned on for
the module - the information being logged isn't useful in the common case,
it just generates extra disk writes (and possibly extra network traffic,
depending on how syslog is configured).

The one thing I can't work out is why these log messages aren't being logged
to /var/log/auth.log, which is where I have LOG_AUTH, LOG_AUTHPRIV
configured to go on my machine (and where all other PAM-related logging
messages go). But that's a separate issue...

--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
Ubuntu Developer http://www.debian.org/
<email address hidden> <email address hidden>

Dustin Kirkland  (kirkland) on 2011-09-01

Changed in ecryptfs-utils (Ubuntu):
status:	Triaged → In Progress
assignee:	nobody → Dustin Kirkland (kirkland)

Dustin Kirkland  (kirkland) on 2011-09-01

Changed in ecryptfs-utils (Ubuntu Oneiric):
milestone:	none → ubuntu-11.10-beta-2
status:	In Progress → Fix Committed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2011-09-01:

This bug was fixed in the package ecryptfs-utils - 92-0ubuntu1

---------------
ecryptfs-utils (92-0ubuntu1) oneiric; urgency=low

  * src/libecryptfs/key_management.c: LP: #725862
    - fix nasty bug affecting users who do *not* encrypt filenames;
      the first login works, but on logout, only one key gets
      cleaned out; subsequent logins do not insert the necessary key
      due to an early "goto out"; this fix needs to be SRU'd
  * debian/rules: LP: #586281
    - fix perms on desktop mount file
  * src/pam_ecryptfs/pam_ecryptfs.c: LP: #838471
    - rework syslogging to be less noisy and note pam_ecryptfs
-- Dustin Kirkland <email address hidden> Thu, 01 Sep 2011 16:25:03 -0500