Bug 476833

Summary: "su" segfaults when "open_only" is used with "pam_tty_audit" in system-auth
Product: Red Hat Enterprise Linux 5
Reporter: Olivier Fourdan <ofourdan>
Component: pam
Assignee: Tomas Mraz <tmraz>
Status: CLOSED ERRATA
QA Contact: BaseOS QE <qe-baseos-auto>
Severity: medium
Priority: medium
Version: 5.3
CC: kem, mitr, mmalik, mvadkert, ohudlick, sgrubb
Target Milestone: rc
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2009-09-02 11:24:25 UTC

Description Olivier Fourdan 2008-12-17 12:57:54 UTC
Description of problem:

When "open_tty" is used with "pam_tty_audit" in system-auth, then "su" segfaults.

Version-Release number of selected component (if applicable):

pam-0.99.6.2-4.el5

How reproducible:

100% reproducible

Steps to Reproduce:
1. Add "session required pam_tty_audit.so open_only enable=*" to /etc/pam.d/system-auth
2. Type "su" as a regular user
3. Enter root passwd
  
Actual results:

~someuser $ su
Password: 
Segmentation fault
~someuser $

Expected results:

~someuser $ su
Password: 
~root #

Additional info:

Backtrace follows:

#0  0x00002b5b3a898f65 in _int_malloc () from /lib64/libc.so.6
(gdb) bt
#0  0x00002b5b3a898f65 in _int_malloc () from /lib64/libc.so.6
#1  0x00002b5b3a89b02a in malloc () from /lib64/libc.so.6
#2  0x00002b5b3a909ae0 in __nss_lookup_function () from /lib64/libc.so.6
#3  0x00002b5b3a8bd705 in internal_getgrouplist () from /lib64/libc.so.6
#4  0x00002b5b3a8bd92a in initgroups () from /lib64/libc.so.6
#5  0x00002b5b39bba772 in ?? () from /bin/su
#6  0x00002b5b39bbaec1 in main () from /bin/su

Comment 1 Tomas Mraz 2008-12-17 13:20:06 UTC
There is a double free() in the pam_tty_audit when open_only is specified and the auditing is already enabled before the su is run. As a workaround I'd suggest just not using the open_only option - it does not make much sense anyway.
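
The workaround in Comment 1 is to stop using open_only. As an added example (not part of the original report and not code from the pam package), this shell function lists active PAM entries that load pam_tty_audit.so with open_only; the function names and the sample files built by demo are constructed for illustration.

```shell
#!/bin/sh
# scan_open_only DIR: print "file:lineno: entry" for every active
# (non-comment) PAM entry that loads pam_tty_audit.so with open_only.
# DIR defaults to /etc/pam.d.
scan_open_only() {
    dir=${1:-/etc/pam.d}
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            # Join backslash-continued lines into one logical entry.
            { line = pending $0; pending = "" }
            line ~ /\\$/ { sub(/\\$/, " ", line); pending = line; next }
            {
                sub(/#.*/, "", line)          # drop comments
                n = split(line, tok, /[ \t]+/)
                mod = 0; opt = 0
                for (i = 1; i <= n; i++) {
                    # Module may be given bare or with a full path.
                    if (tok[i] ~ /(^|\/)pam_tty_audit\.so$/) mod = 1
                    else if (mod && tok[i] == "open_only") opt = 1
                }
                if (mod && opt) printf "%s:%d: %s\n", file, NR, line
            }
        ' "$f"
    done
}

# demo: run the scan over constructed sample files (not from a real host).
demo() {
    d=$(mktemp -d) || return 1
    # The entry from the steps to reproduce.
    printf '%s\n' 'session required pam_tty_audit.so open_only enable=*' \
        > "$d/system-auth"
    # Commented-out entry and an entry without open_only: not reported.
    printf '%s\n' '#session required pam_tty_audit.so open_only enable=*' \
                  'session required pam_tty_audit.so enable=root' > "$d/sshd"
    # Entry split over two lines with a trailing backslash: reported.
    printf '%s\n' 'session required pam_tty_audit.so \' \
                  '    disable=* open_only' > "$d/su"
    scan_open_only "$d"
    rm -rf "$d"
}

demo
```

Run scan_open_only with no argument to check /etc/pam.d on a host; any line it prints is an entry to edit when applying the workaround.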

Comment 7 errata-xmlrpc 2009-09-02 11:24:25 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1358.html