Bug 6191

Summary: su: Segmentation fault
Product: [Retired] Red Hat Linux Reporter: vadim
Component: pamAssignee: Cristian Gafton <gafton>
Status: CLOSED RAWHIDE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: 6.1CC: tomek
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2000-02-05 22:13:27 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description vadim 1999-10-21 17:31:14 UTC 
Redhat 6.1 standart configuration from CD, (ISO from
ftp.sunet.se)

PC: Intel Pentium III 450 MHz, 256 RAM, SCSI hard drive, S3
TrioV2 video adapter.

When run as normal user "su" - receive "Segmentation fault"
Comment 1 vadim 1999-10-22 08:56:59 UTC 
problem only with certain types telnet programs.
RedHat 5.2, Slackware 4.0 - such problems have not.
Comment 2 Tomasz Kepczynski 1999-12-21 08:12:59 UTC 
I have seen very similar problem but for root user. 'su' command without '-'
(like for example 'su news') ends up with segmentation fault (but I wasn't able
to produce core dump even with unlimited coredumpsize). 'su - news' works
fine.
'su' itself from normal user account prompts for password and works fine.
This bug causes segfault from '/etc/cron.daily/slrnpull-expire'.
The problem shows itself when logged on console and from kdm. I haven't tried
remote logins nor gdm.
Comment 3 Tomasz Kepczynski 2000-01-13 19:58:59 UTC 
The problem seems to be related to pam_xauth module and probably should be
solved there. To reproduce a fault you need two things: be logged as root and
have empty DISPLAY variable (so that getenv("DISPLAY") returns empty string,
not NULL). Then try su anybody and thats it.
I suppose the problem lies in pam_xauth.c at line 484 when you try to
free the pointer returned by getenv. I am quite sure you can't do that (but
man page doesn't say a word about it).
pam is pam 0.68-7
Comment 4 Nalin Dahyabhai 2000-02-05 22:13:59 UTC 
tomkep hit it exactly.  This will be fixed in pam-0.72-6 and later in
Raw Hide and future releases.