Bug 146566

Summary: pam_console_apply -r prints garbage for non-existent groups
Product: [Fedora] Fedora Reporter: Hal Hansen <fivereels>
Component: pam Assignee: Tomas Mraz <tmraz>
Status: CLOSED RAWHIDE QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2005-02-21 15:34:54 UTC Type: ---

Description Hal Hansen 2005-01-29 19:16:12 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040207 Firefox/0.8

Description of problem:

The file "/etc/security/console.perms" references a non-existent
group "floppy". During boot, when rc.sysinit executes 
"pam_console_apply -r" an error message is generated. The error
is displayed as garbage characters.

Running "pam_console_apply -r" from the command line will also
induce the error.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. The file "/etc/security/console.perms" contains the line:
   <console>  0660 <floppy>     0660 root.floppy

2. There is no group "floppy" in "/etc/group"

3. Run "pam_console_apply -r"

Actual Results:  "getgrnam failed for o$+=adfVafa!-7v@$n"

Expected Results:  "getgrnam failed for floppy"

Additional info:

The cause of the bug is two-fold:

1) "/etc/security/console.perms" references non-existent group "floppy".

2) In source code file in the pam source tree:

 The function "_pam_log()" uses "fprintf()" instead of "vfprintf()".
 Also, the include file <stdarg.h> is missing.

Below is a patch which corrects the problem in pam_console_apply.c.
------------------------- cut here 8< ---------------------------

diff -udwr Linux-PAM-0.77~/modules/pam_console/pam_console_apply.c
--- Linux-PAM-0.77~/modules/pam_console/pam_console_apply.c    
2005-01-29 12:33:10.484901864 -0500
+++ Linux-PAM-0.77/modules/pam_console/pam_console_apply.c     
2005-01-29 12:32:35.117278560 -0500
@@ -15,6 +15,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdio.h>
+#include <stdarg.h>
 #define STATIC static
 #include "pam_console.h"
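
Review bot: Mention the `+#include <stdarg.h>` addition in the changelog entry alongside the `vfprintf` change: the `va_list` and `va_start` uses visible in the second hunk depend on this header, and it sits correctly with the other system includes ahead of `#define STATIC static`.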

@@ -41,7 +42,7 @@
        va_list args;
        if (debug_p && !debug) return;
         va_start(args, format);
-       fprintf(stderr, format, args);
+       vfprintf(stderr, format, args);
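
Review bot: The visible hunk stops at the `+vfprintf(stderr, format, args);` line although its header (`-41,7 +42,7`) declares seven lines, so the `va_end(args)` that should follow the call cannot be confirmed from what is posted; please check it is there, and attach the patch as a file so the wrapped `---`/`+++` header lines and the cut-off context do not stop it applying. The replacement itself is right: `fprintf` expects the variadic arguments directly, while a `va_list` has to be handed to `vfprintf`.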

Comment 1 Tomas Mraz 2005-01-31 08:13:34 UTC
Thank you for the patch, I'll apply it.

However the floppy group is actually in the normal /etc/group file.
It's strange that you don't have it there.

$ grep floppy /etc/group

Comment 2 Hal Hansen 2005-01-31 17:33:40 UTC
Thank you, Tomas.

> However the floppy group is actually in the normal /etc/group file.
> It's strange that you don't have it there.

OK, I figured out what happened. I had restored /etc/group to
its original state from "setup-2.5.36-1.noarch.rpm". There is
no group named "floppy" in /etc/group from that archive.

It turns out that one must then install "MAKEDEV-3.13-1.i386.rpm"
which adds the group "floppy" and also user "vcsa" as part of its
install scripts. I also now realize that you have to "setenforce 0"
before doing this!

In any case, the pam bug is a legitimate bug. My misconfiguration
of /etc/group provided the test case which triggered the bug in

thanks again,
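
The defect reported above, shown as an added example that is not code from the Linux-PAM tree: a variadic logging wrapper that forwards its `va_list` correctly. The names `log_to_buf` and `report_missing_group` are hypothetical, and the wrapper formats into a buffer rather than stderr so the result can be checked.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from Linux-PAM). The format attribute lets GCC
 * and Clang check every caller's arguments against the format string. */
#if defined(__GNUC__)
__attribute__((format(printf, 3, 4)))
#endif
static int log_to_buf(char *buf, size_t len, const char *format, ...)
{
    va_list args;
    int n;

    va_start(args, format);
    /* Buggy form from the report: fprintf(stderr, format, args);
     * it hands the va_list object itself to "%s", which is undefined
     * behaviour and shows up as garbage. A va_list must be forwarded
     * to a v*printf function instead. */
    n = vsnprintf(buf, len, format, args);
    va_end(args);   /* every va_start needs a matching va_end */
    return n;       /* length that was needed, or negative on error */
}

/* Hypothetical caller mirroring the message quoted in the report. */
static int report_missing_group(char *buf, size_t len, const char *group)
{
    return log_to_buf(buf, len, "getgrnam failed for %s", group);
}

int main(void)
{
    char msg[64];
    char tiny[8];

    report_missing_group(msg, sizeof msg, "floppy");
    puts(msg);
    /* Truncation is reported through the return value, not by overflow. */
    if (report_missing_group(tiny, sizeof tiny, "floppy") >= (int)sizeof tiny)
        printf("truncated to \"%s\"\n", tiny);
    return strcmp(msg, "getgrnam failed for floppy") != 0;
}
```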