Bug 146566 - pam_console_apply -r prints garbage for non-existant groups
pam_console_apply -r prints garbage for non-existant groups
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Tomas Mraz
Depends On:
  Show dependency treegraph
Reported: 2005-01-29 14:16 EST by Hal Hansen
Modified: 2007-11-30 17:10 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-02-21 10:34:54 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Hal Hansen 2005-01-29 14:16:12 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6)
Gecko/20040207 Firefox/0.8

Description of problem:

The file "/etc/security/console.perms" references a non-existant
group "floppy". During boot, when rc.sysinit executes 
"pam_console_apply -r" an error message is generated. The error
is displayed as garbage characters.

Running "pam_console_apply -r" from the command line will also
induce the error.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. The file "/etc/security/console.perms" contains the line:
   <console>  0660 <floppy>     0660 root.floppy

2. There is no group "floppy" in "/etc/group"

3. Run "pam_console_apply -r"

Actual Results:  "getgrnam failed for o$+=adfVafa!-7v@$n"

Expected Results:  "getgrnam failed for floppy"

Additional info:

The cause of the bug is two-fold:

1) "/etc/security/console.perms" references non-existant group "floppy".

2) In source code file in the pam source tree:

 The function "_pam_log()" uses "fprintf()" instead of vfprintf()". 
 Also, the include file <stdarg.h> is missing.

Below is a patch which corrects the problem in pam_console_apply.c.
------------------------- cut here 8< ---------------------------

diff -udwr Linux-PAM-0.77~/modules/pam_console/pam_console_apply.c
--- Linux-PAM-0.77~/modules/pam_console/pam_console_apply.c    
2005-01-29 12:33:10.484901864 -0500
+++ Linux-PAM-0.77/modules/pam_console/pam_console_apply.c     
2005-01-29 12:32:35.117278560 -0500
@@ -15,6 +15,7 @@
 #include <fcntl.h>
 #include <unistd.h>
 #include <stdio.h>
+#include <stdarg.h>
 #define STATIC static
 #include "pam_console.h"

@@ -41,7 +42,7 @@
        va_list args;
        if (debug_p && !debug) return;
         va_start(args, format);
-       fprintf(stderr, format, args);
+       vfprintf(stderr, format, args);
Comment 1 Tomas Mraz 2005-01-31 03:13:34 EST
Thank you for the patch, I'll apply it.

However the floppy group is actually in the normal /etc/group file.
It's strange that you don't have it there.

$ grep floppy /etc/group
Comment 2 Hal Hansen 2005-01-31 12:33:40 EST
Thank you, Tomas.

> However the floppy group is actually in the normal /etc/group file.
> It's strange that you don't have it there.

OK, I figured out what happened. I had restored /etc/group to
its original state from "setup-2.5.36-1.noarch.rpm". There is
no group named "floppy" in /etc/group from that archive.

It turns out that one must then install "MAKEDEV-3.13-1.i386.rpm"
which adds the group "floppy" and also user "vcsa" as part of its
install scripts. I also now realize that you have to "setenforce 0"
before doing this!

In any case, the pam bug is a legitimate bug. My misconfiguration
of /etc/group  provided the test case which triggred the bug in

thanks again,

Note You need to log in before you can comment on or make changes to this bug.