Red Hat Bugzilla – Bug 120558
pam_userdb.so from pam-0.75-48 linked against threaded libdb-4.0
Last modified: 2013-07-02 18:59:49 EDT
Description of problem: "pam_userdb.so" from pam-0.75-48 is linked against threaded libdb-4.0, that can cause bigger problems. This was the reason to bundle a libdb with pam (see changelog from pam-0.77-0), but at Red Hat Linux 9 this wasn't done. So "Very Bad Things" can happen... Proof of concept: I ported the security check from the spec file of pam-0.77-38 to that one of Red Hat Linux 9 (pam-0.75-48), the security check is line 251 to 263 of the spec file from pam-0.77-38. I started the rebuild and it simply died, because pam-0.75-48 was linked against a threaded libdb-4.0. Version-Release number of selected component (if applicable): pam-0.75-48 db4-4.0.14-20 How reproducible & Steps to Reproduce: Every time and the rest is detailed described above. Actual results: I think, the onliest solution is to bundle a non-threaded libdb-4.0 also with pam-0.75-48 (Red Hat Linux 9) to prevent "Very Bad Things" in the same way as it was done with pam-0.77-38 at Fedora Development. Expected results: A good and working solution (and no "notabug" or "worksforme") before the End-Of-Lifetime of Red Hat Linux 9 is reached...thank you very much ;-) Additional info: Seems so, that there is a patch needed, that libdb-4 is bundable with pam-0.75-48, because my simple hack failed building.
Nalin, I'm very very sorry to say that, but I still have to say it: You're lazy like a bone what affects this simple bug!! And I'm also very very disappointed of you and the work for Red Hat Linux 9. I still wrote this issue early enough before End-of-Lifetime of Red Hat Linux 9 reached! But after EOL is reached now, I think you'll close this bug - sooner or later - relatively sure with "notabug", "worksforme" or something like that... But I still hacked a solution out, so that others maybe affected by that problem, can find a (for me) working solution here. The onliest thing to make me just a little bit friendlier would be to verify and approve my solution, if it is right (whether it doesn't take too much work) ;-)
Created attachment 100996 [details] Diff between spec file of pam of RHL9 and my hack (latest pam) My hack also should work with the original pam delivered with RHL9.
Created attachment 100997 [details] db-4.0.14-disable-mutex.patch
Created attachment 100998 [details] db-4.0.14-libobjs.patch
Created attachment 101007 [details] pam.spec For those, who want or need it...
Nice, that I got full qualified and useful answers</irony> I'll close this bug report with "worksforme" now, because Red Hat Linux 9's time to live is over. Maybe this issue is solved by the Fedora Legacy team for Red Hat Linux 9.