Bug 120558 - pam_userdb.so from pam-0.75-48 linked against threaded libdb-4.0
Status: CLOSED WORKSFORME
Product: Red Hat Linux
Classification: Retired
Component: pam
Version: 9
Hardware: All
OS: Linux
Priority: medium
Severity: high
Assigned To: Jindrich Novy
QA Contact: David Lawrence
 
Reported: 2004-04-10 15:38 EDT by Robert Scheck
Modified: 2013-07-02 18:59 EDT
Doc Type: Bug Fix
Last Closed: 2004-10-01 12:39:02 EDT

Attachments:
Diff between spec file of pam of RHL9 and my hack (latest pam) (20.26 KB, patch), 2004-06-09 12:29 EDT, Robert Scheck
db-4.0.14-disable-mutex.patch (937 bytes, patch), 2004-06-09 12:30 EDT, Robert Scheck
db-4.0.14-libobjs.patch (738 bytes, patch), 2004-06-09 12:30 EDT, Robert Scheck
pam.spec (44.75 KB, text/plain), 2004-06-09 14:29 EDT, Robert Scheck

Description Robert Scheck 2004-04-10 15:38:36 EDT
Description of problem:
"pam_userdb.so" from pam-0.75-48 is linked against threaded
libdb-4.0, which can cause bigger problems. This was the reason to
bundle a libdb with pam (see changelog from pam-0.77-0), but in Red
Hat Linux 9 this wasn't done. So "Very Bad Things" can happen...

Proof of concept:
I ported the security check from the spec file of pam-0.77-38 to
that of Red Hat Linux 9 (pam-0.75-48); the security check is
lines 251 to 263 of the spec file from pam-0.77-38. I started the
rebuild and it simply died, because pam-0.75-48 was linked against
a threaded libdb-4.0.

Version-Release number of selected component (if applicable):
pam-0.75-48
db4-4.0.14-20

How reproducible & Steps to Reproduce:
Every time; the rest is described in detail above.

Actual results:
I think the only solution is to bundle a non-threaded libdb-4.0
with pam-0.75-48 (Red Hat Linux 9) as well, to prevent "Very Bad Things"
in the same way as it was done with pam-0.77-38 in Fedora
Development.

Expected results:
A good and working solution (and no "notabug" or "worksforme") before 
the End-Of-Lifetime of Red Hat Linux 9 is reached...thank you very
much ;-) 

Additional info:
It seems that a patch is needed so that libdb-4 can be bundled
with pam-0.75-48, because my simple hack failed to build.
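
A check of the kind the description refers to, as an added example that is not the pam spec file's own code and not part of the original report: it fails when any PAM module resolves a threading library. It assumes a threaded libdb shows up as a libpthread entry in `ldd` output; the function names, the default directory and the sample `ldd` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag PAM modules whose dependency closure includes a
# threading library. Not taken from any pam spec file.

# Read `ldd` output on stdin and print each threading library name once.
threading_libs() {
    awk '$1 ~ /^libpthread\.so/ { print $1 }' | sort -u
}

# Check every pam*.so under a directory (default /lib/security is an
# assumption). Returns 1 if any module resolves libpthread, 0 otherwise.
check_pam_modules() {
    dir=${1:-/lib/security}
    rc=0
    for module in "$dir"/pam*.so; do
        # An unmatched glob stays literal; skip it.
        [ -e "$module" ] || continue
        hits=$(ldd "$module" 2>/dev/null | threading_libs)
        if [ -n "$hits" ]; then
            echo "ERROR: $module pulls in $hits" >&2
            rc=1
        fi
    done
    return $rc
}

# Constructed ldd output: a module linked against a threaded libdb ...
SAMPLE_THREADED='	libdb-4.0.so => /lib/libdb-4.0.so (0x40017000)
	libpthread.so.0 => /lib/tls/libpthread.so.0 (0x400b8000)
	libc.so.6 => /lib/tls/libc.so.6 (0x42000000)'

# ... and a module whose libraries do not need threads.
SAMPLE_CLEAN='	libc.so.6 => /lib/tls/libc.so.6 (0x42000000)
	/lib/ld-linux.so.2 (0x80000000)'
```

`ldd` is used because it lists the full dependency closure, so a libpthread pulled in indirectly through libdb is still reported; run it only on modules from a trusted build.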
Comment 1 Robert Scheck 2004-06-09 12:25:43 EDT
Nalin, I'm very very sorry to say that, but I still have to say it:
You're lazy like a bone as far as this simple bug is concerned!! And I'm also
very very disappointed in you and the work for Red Hat Linux 9. I
reported this issue early enough, before the End-of-Lifetime of Red Hat
Linux 9 was reached!

But after EOL is reached now, I think you'll close this bug - sooner
or later - relatively sure with "notabug", "worksforme" or something
like that...

But I still hacked a solution out, so that others who may be affected by
that problem can find a (for me) working solution here. The only
thing that would make me just a little bit friendlier would be to verify and
approve my solution, if it is right (if it doesn't take too much
work) ;-)
Comment 2 Robert Scheck 2004-06-09 12:29:25 EDT
Created attachment 100996 [details]
Diff between spec file of pam of RHL9 and my hack (latest pam)

My hack also should work with the original pam delivered with RHL9.
Comment 3 Robert Scheck 2004-06-09 12:30:00 EDT
Created attachment 100997 [details]
db-4.0.14-disable-mutex.patch
Comment 4 Robert Scheck 2004-06-09 12:30:27 EDT
Created attachment 100998 [details]
db-4.0.14-libobjs.patch
Comment 5 Robert Scheck 2004-06-09 14:29:37 EDT
Created attachment 101007 [details]
pam.spec

For those, who want or need it...
Comment 6 Robert Scheck 2004-10-01 12:39:02 EDT
Nice that I got fully qualified and useful answers</irony>

I'll close this bug report with "worksforme" now, because Red Hat 
Linux 9's time to live is over. Maybe this issue is solved by the 
Fedora Legacy team for Red Hat Linux 9.
