From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.6) Gecko/20040113
Description of problem:
Trying to su under RHEL 3 ES with an 'everything' install causes a segfault.
    [brianb@qlc6 brianb]$ su -
    Password:
    free(): invalid pointer 0x8055708!
    Segmentation fault
Will attach a strace -f on it momentarily and optionally a gdb backtrace if need be. Logging in as root works as does doing a 'sudo su -' if you have sudo setup for the user in question.
Version-Release number of selected component (if applicable): coreutils-4.5.3-26
How reproducible: Always
Steps to Reproduce:
1. Login as a non-privileged user
2. Type 'su -' and enter the proper root password.
3. The program will segfault.
Actual Results: Segfault
Expected Results: A root shell should be returned
Additional info:
Okay, this is weird. My password that is thirteen characters in length and has a mixture of numbers and letters causes a segfault. Setting the root password to a four character password with no numbers doesn't segfault.
If I make the root password the same as my current 13 character password but only up to the 11th character, it works. If I use 12 or 13 of the 13 characters, the segfault happens.
Is there a password you can tell me which causes the segfault? Then I can try it here. Also, did you look at the strace -f output? Other things to try:
* export MALLOC_CHECK_=1 first to get libc to diagnose malloc misuse
* try attaching gdb to get a backtrace
Created attachment 97526: Output of strace -f
This is the output of a 'strace -f su -'. The password I tried was 123456789abcd which is 13 characters. If I use that password on the console, it works. If I try to su it tells me incorrect password in the strace (but segfaults otherwise) and says incorrect password in the gdb, which I'm about to include as well.
    [brianb@qlc6 brianb]$ gdb su
    GNU gdb Red Hat Linux (6.0post-0.20031117.6rh)
    [GNU copyright stuff omitted]
    This GDB was configured as "i386-redhat-linux-gnu"...Using host libthread_db library "/lib/tls/libthread_db.so.1".
    (gdb) run -
    Starting program: /bin/su -
    Password:
    Detaching after fork from child process 30431.
    /bin/su: incorrect password
    Program exited with code 01.
Could you please attach /etc/pam.d/system-auth? Also, please try 'export MALLOC_CHECK_=1' before running the command.
Created attachment 97787: /etc/pam.d/system-auth
The /etc/pam.d/system-auth file, per your request.
    [brianb@qlc6 brianb]$ export MALLOC_CHECK_=1
    [brianb@qlc6 brianb]$ su -
    Password:
    Segmentation fault
Should I do the MALLOC_CHECK in conjunction with the gdb backtrace or the strace?
Hmm, I was hoping for a useful diagnostic from the malloc function. Never mind. I suspect this is to do with pam_ldap. Could you try disabling LDAP authentication support by commenting out (with a '#' at the beginning of each line) the lines in /etc/pam.d/system-auth that contain 'pam_ldap', and see if the problem still happens?
(Actually an easier way would be to run authconfig-gtk.)
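The manual step suggested above (commenting out the lines that contain 'pam_ldap'), as an added example that is not part of the original bug thread: it edits a scratch copy, keeps the original so the change can be undone, and skips lines that are already comments. The function names and the sample file are assumptions constructed for illustration; the reporter's attached system-auth is not reproduced here.

```shell
#!/bin/sh
# Added example; works on a scratch copy, never on /etc/pam.d directly.

# Constructed sample in the style of an authconfig-generated system-auth
# (not the file attached to this bug).
write_sample() {
    cat > "$1" <<'EOF'
#%PAM-1.0
auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so
account     required      /lib/security/$ISA/pam_unix.so
account     sufficient    /lib/security/$ISA/pam_ldap.so
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
session     optional      /lib/security/$ISA/pam_ldap.so
EOF
}

# Count active (uncommented) lines in FILE ($1) that mention MODULE ($2).
active_lines() {
    awk -v m="$2" '!/^[ \t]*#/ && index($0, m) { n++ } END { print n + 0 }' "$1"
}

# Comment out active lines mentioning MODULE; the first run saves FILE.orig.
disable_module() {
    file=$1; module=$2
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ -e "$file.orig" ] || cp -p "$file" "$file.orig" || return 1
    awk -v m="$module" '
        !/^[ \t]*#/ && index($0, m) { print "#" $0; next }
        { print }' "$file" > "$file.tmp" || return 1
    # Write back in place so the file keeps its owner and mode.
    cat "$file.tmp" > "$file" && rm -f "$file.tmp"
}

# Undo: put the saved original back.
restore_module() {
    [ -f "$1.orig" ] && mv "$1.orig" "$1"
}

# Demo on a temporary copy of the constructed sample.
tmp=$(mktemp -d)
write_sample "$tmp/system-auth"
echo "before: $(active_lines "$tmp/system-auth" pam_ldap) active pam_ldap lines"
disable_module "$tmp/system-auth" pam_ldap
echo "after:  $(active_lines "$tmp/system-auth" pam_ldap) active pam_ldap lines"
```

Running disable_module a second time changes nothing, because only uncommented lines are matched and the saved .orig copy is never overwritten.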
Since I use LDAP for all my accounts, I had to create a local account before running authconfig to disable LDAP. Sure enough, once this happened the 13 character password works. So where do we go from here?
To the openldap maintainer..
But isn't pam_ldap a part of nss_ldap and not openldap?
The nss_ldap package is broken in almost all Red Hat and Fedora distros, even in RHEL 3.
- First update to the latest nss_ldap and pam_ldap.
- Then change the db version in the spec file to the one used in the given distro (e.g. for RHEL 3 use %define db_version 4.1.25).
- Of course you need this db version and its patches.
- Compile openldap with the latest 2.1.x with the same db version.
- Recompile postfix with cyrus sasl2.
Even John Dennis said:
------------------------------------
revert to sasl v1, turn off ipv6 support for RHEL3, we'll branch and set set sasl to v1 and turn off ipv6
------------------------------------
This is false! RHEL 3 uses sasl 2. What's more, postfix crashes if you try to use it with ldap! The whole nss_ldap, openldap, postfix and sasl was a nightmare for us to put together (just check the segmentation crash in the bugzilla).
*** Bug 116282 has been marked as a duplicate of this bug. ***
This bug is filed against RHEL 3, which is in maintenance phase. During the maintenance phase, only security errata and select mission critical bug fixes will be released for enterprise products. Since this bug does not meet that criteria, it is now being closed. For more information on the RHEL errata support policy, please visit: http://www.redhat.com/security/updates/errata/ If you feel this bug is indeed mission critical, please contact your support representative. You may be asked to provide detailed information on how this bug is affecting you.