Infinite loop on Arch Linux

[mateusz-gozdek-sociomantic]

I'm reporting upstream a bug described in https://bugs.archlinux.org/task/61300.

I'm aware of #47 and required modification to PAM configuration, however, I believe, that this behaviour is a bug, as it results in situation, when only thing you can do is to reboot your machine or kill the process over SSH.

Here is also the screenshot of what's happening (probably known issue) from virtual box:

Steps to reproduce (assuming Vagrant with VirtualBox is installed):

• Execute following commands locally:

  echo "Vagrant.configure("2") do |config|
  config.vm.box = "archlinux/archlinux"
  config.vm.provider "virtualbox" do |v|
    v.gui = true
  end
  end" > Vagrantfile
  vagrant up
  vagrant ssh

• In SSH session, execute following:

  echo "[options]
  HoldPkg     = pacman glibc
  Architecture = auto
  CheckSpace
  SigLevel    = Required DatabaseOptional
  LocalFileSigLevel = Optional
  [testing]
  Include = /etc/pacman.d/mirrorlist
  [core]
  Include = /etc/pacman.d/mirrorlist
  [extra]
  Include = /etc/pacman.d/mirrorlist
  [community]
  Include = /etc/pacman.d/mirrorlist" | sudo tee /etc/pacman.conf
  sudo pacman -Sy pambase physlock
  sudo rm /etc/pam.d/physlock
  physlock -m

• In the GUI, you should be able to see infinite loop and physlock does not respond to Ctrl+C.

[xyb3rt]

What do you want me to do?

[mateusz-gozdek-sociomantic]

I'd expect physlock to gracefully handle PAM misconfiguration, for example, by checking the configuration before entering the loop.

(Edit): If this is not possible, documentation should at least explicitly say about PAM configuration requirements and implications.

[xyb3rt]

I expect the packager/user who installs physlock to do the PAM configuration. An approriate PAM configuration is a necessity for any application that uses PAM. But an application cannot force the configuration upon the user because it does not know what authentication mechanisms the user wants to use--think of yubi keys.

[mateusz-gozdek-sociomantic]

Well, still, with default PAM configuration (http://www.linux-pam.org/Linux-PAM-html/sag-security-issues-other.html), physlock does not work at the moment and README.md does not mention how to configure it.

Why can't README.md mention the same configuration, which is mentioned in https://github.com/muennich/physlock/issues/47#issuecomment-274445853 to make it more clear for new users at least?

[xyb3rt]

I am working on making it more clearer as stated in the issue you've referenced.

[mateusz-gozdek-sociomantic]

Shouldn't there be an issue about it on GitHub then?

[xyb3rt]

You've already referenced it: #47.

[mateusz-gozdek-sociomantic]

But it's closed, meaning it is resolved, when in reality, you are still working on it, as you told, so it is not resolved. Maybe it should be reopened then.