Bug 211756 - su segfaults on bad password with pam_krb5
su segfaults on bad password with pam_krb5
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: pam (Show other bugs)
rawhide
All Linux
medium Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-21 18:06 EDT by W. Michael Petullo
Modified: 2008-03-27 09:02 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-03-27 08:50:48 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description W. Michael Petullo 2006-10-21 18:06:30 EDT
Description of problem:
The su command segfaults if I configure PAM to authenticate using Kerberos and
provide an incorrect password.

Version-Release number of selected component (if applicable):
coreutils-5.97-11

How reproducible:
Every time

Steps to Reproduce:
1. Configure PAM as below.
2. su - someuser
3. Enter an incorrect password
  
Actual results:
Segmentation fault

Expected results:
The su utility should refuse to authenticate user and not segfault.

Additional info:
auth        required      /lib/security/$ISA/pam_env.so
auth        optional      /lib/security/$ISA/pam_keyring.so
auth        sufficient    /lib/security/$ISA/pam_unix.so use_first_pass
auth        [authinfo_unavail=ignore success=1 default=2]
/lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so
[...]

If I remove the line for pam_krb5.so then su will not segfault.

(gdb) run - mike
Starting program: /bin/su - mike
[Thread debugging using libthread_db enabled]
[New Thread 805494224 (LWP 2555)]
Error while reading shared library symbols:
Cannot find new threads: generic error
Password: 

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 805494224 (LWP 2555)]
0x07fd60d0 in _pam_dispatch () from /lib/libpam.so.0
(gdb) ba
#0  0x07fd60d0 in _pam_dispatch () from /lib/libpam.so.0
#1  0x07fd55d8 in pam_authenticate () from /lib/libpam.so.0
#2  0x08003838 in main (argc=3, argv=0x7f8d54b4) at su.c:364
#3  0x07dc0d4c in generic_start_main () from /lib/libc.so.6
#4  0x07dc0f74 in __libc_start_main () from /lib/libc.so.6
#5  0x00000000 in ?? ()
(gdb)
Comment 1 Tim Waugh 2006-10-22 05:29:22 EDT
If all you've changed is the pam config then it sounds like a pam_krb5 bug. 
Reassigning..
Comment 2 W. Michael Petullo 2006-10-22 14:19:11 EDT
Is this a bug in the pam library instead?  I have used [authinfo_unavail=ignore
success=1 default=2], however, there is not enough auth modules listed to jump
down two levels in the stack.

I realize that this configuration is not quite right.  However, su certainly
should not segfault!
Comment 3 Tim Waugh 2006-10-23 06:31:49 EDT
su isn't -- pam_krb5.so (which it dynamically loads) is, from the sound of it.
Comment 4 Tomas Mraz 2008-03-27 08:50:48 EDT
This is fixed in Linux-PAM-0.99.10.0 which is in rawhide.

Note You need to log in before you can comment on or make changes to this bug.