Bug 116282 - Turn on ldap, su - gets segmentation fault
Turn on ldap, su - gets segmentation fault
Status: CLOSED DUPLICATE of bug 114575
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: nss_ldap (Show other bugs)
3.0
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Nalin Dahyabhai
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-02-19 12:47 EST by Need Real Name
Modified: 2007-11-30 17:07 EST (History)
8 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-02-14 09:59:33 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2004-02-19 12:47:35 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Description of problem:
I turned on LDAP authentication using 'authconfig'. I didn't select 
the TLS option.

After that, su - fails with the following error message:

% su -
Password:
free(): invalid pointer 0x8055708!
Segmentation fault

If I turn off nscd, I get the following error message:

su -
Password:
Segmentation fault

If I turn on off the LDAP configuration, su - works fine.

This doesn't happen with Redhat Enterprise Linux 2.1, nor does it 
happen with Redhat 9.0. It only happens on Redhat Enterprise Linux 
3.0.

I'm guessing the bug is in nss_ldap since turning on ldap caused the 
problem.

Version-Release number of selected component (if applicable):
nss_ldap-207-2

How reproducible:
Always

Steps to Reproduce:
1. Turn on LDAP configuration without TLS turned on
2. Type 'su -'
3.
    

Actual Results:  Segmentation fault

Expected Results:  Should have allowed the user to become root

Additional info:

If I change all lines in /etc/pam.d/system-auth from:

lib/security/$ISA/pam_unix.so ...

to

/lib/security/$ISA/pam_pwdb.so ...

it no longer seg faults. However, I read that changing this isn't a 
good idea because some things will break. Don't know if that's true 
or not??
Comment 1 Ryan Dooley 2004-03-15 17:07:19 EST
I have found that, in order to make "su" not segfault with pam_ldap 
enabled, I had to disable the line in /etc/pam.d/system-auth: 
 
account     [default=bad success=ok user_unknown=ignore 
service_err=ignore system_err=ignore] /lib/security/$ISA/pam_ldap.so 
 
by commenting it out.  I still can't get in with ssh.  RHELU1 things 
there is an authentication failure happening (actually, sshd sefaults 
in -d -d -d mode). 
 
My /etc/ldap.conf file looks like this: 
 
host a.b.c.d a.b.c.e 
base dc=edu 
ldap_version 3 
binddn ldap_user@ldap.domain.edu 
bindpw ldap_password 
port 3268 
scope sub 
 
nss_map_objectclass posixAccount User 
nss_map_attribute uid sAMAccountName 
nss_map_attribute uniqueMember Member 
pam_login_attribute sAMAccountName 
pam_filter objectclass=User 
pam_password md5 
 
ssl start_tls 
tls_checkpeer no 
 
 
Under Fedora (1.90) this configuration file works like a charm with 
nss_ldap-212-1. 
Comment 2 Richard Blocker 2004-06-30 17:34:02 EDT
x86_64 (both AS and WS) on Opteron does not have this problem.  I have
three systems configured to use the same LDAP server (openldap  in
exactly the same way, and the i386 WS is the only one that seg faults.
 I can login as root on both the console and via ssh, but if I try to
su, I get a segmentation fault.
Comment 3 Jason Sauve 2004-07-19 12:49:05 EDT
Read Bug ID #115399 to see if my posting applies to you regarding 
this issue.
Comment 4 Need Real Name 2004-07-19 23:17:15 EDT
For my problem I don't have any spaces in the group names (I didn't 
even know that was allowed), so it appears that the comment in 
#115399 doesn't apply in my case.
Comment 5 Nick Nauwelaerts 2004-10-15 10:21:47 EDT
We are also experiencing this bug on RHAS3/i386 (update 2 and 3), our
opteron machines running RHAS3/amd64 don't have this issue.
We did notice that if we boot the system with less memory everything
works just fine. Booting with 4GB of ram will make su segfault,
booting with only 512MB ram will make su work fine. (our opterons have
12GB of ram in them)

Do note that this only happens when doing when executing "su - <user>"
as a regular user. When we execut "su - <user>" as root we do not have
this issue.

Turning off nscd will make su - work fine as well, regretfully
performance will plummet so this is not an option.

We do not use any ldap groups or users with spaces in them, our ldap
server is Windows 2003.
Comment 6 Jos Vos 2004-12-22 05:37:58 EST
Here I have the same problem, but also *without* running nscd.  In
fact, nscd won't start (it might fail for the same reason, I didn't
investigate).  Also "getent passwd", "getent group", etc. segfault. 
FWIW, we're talking to an OpenLDAP 2.0.27 server.
Comment 7 Matthew Davis 2005-02-14 09:59:33 EST

*** This bug has been marked as a duplicate of 114575 ***

Note You need to log in before you can comment on or make changes to this bug.