Red Hat Bugzilla – Bug 120558
pam_userdb.so from pam-0.75-48 linked against threaded libdb-4.0
Last modified: 2013-07-02 18:59:49 EDT
Description of problem:
"pam_userdb.so" from pam-0.75-48 is linked against a threaded
libdb-4.0, which can cause bigger problems. This was the reason to
bundle a libdb with pam (see changelog from pam-0.77-0), but in Red
Hat Linux 9 this wasn't done. So "Very Bad Things" can happen...
Proof of concept:
I ported the security check from the spec file of pam-0.77-38 to
that of Red Hat Linux 9 (pam-0.75-48); the security check is
lines 251 to 263 of the spec file from pam-0.77-38. I started the
rebuild and it simply died, because pam-0.75-48 was linked against
a threaded libdb-4.0.
Version-Release number of selected component (if applicable):
How reproducible & Steps to Reproduce:
Every time; the rest is described in detail above.
I think the only solution is to also bundle a non-threaded libdb-4.0
with pam-0.75-48 (Red Hat Linux 9) to prevent "Very Bad Things"
in the same way as it was done with pam-0.77-38 at Fedora
A good and working solution (and no "notabug" or "worksforme") before
the End-Of-Lifetime of Red Hat Linux 9 is reached...thank you very
It seems that a patch is needed so that libdb-4 can be bundled
with pam-0.75-48, because my simple hack failed to build.
Nalin, I'm very very sorry to say that, but I still have to say it:
You're lazy like a bone where this simple bug is concerned!! And I'm also
very very disappointed in you and the work for Red Hat Linux 9. I
still reported this issue early enough, before the End-of-Lifetime of Red Hat
Linux 9 was reached!
But now that EOL has been reached, I think you'll close this bug - sooner
or later - relatively sure with "notabug", "worksforme" or something
But I still hacked out a solution, so that others who may be affected by
that problem can find a (for me) working solution here. The only
thing that would make me just a little bit friendlier would be to verify and
approve my solution, if it is right (whether it doesn't take too much
Created attachment 100996
Diff between spec file of pam of RHL9 and my hack (latest pam)
My hack also should work with the original pam delivered with RHL9.
Created attachment 100997
Created attachment 100998
Created attachment 101007
For those, who want or need it...
Nice that I got fully qualified and useful answers</irony>
I'll close this bug report with "worksforme" now, because Red Hat
Linux 9's time to live is over. Maybe this issue is solved by the
Fedora Legacy team for Red Hat Linux 9.