Bug 211756 – su segfaults on bad password with pam_krb5

Bug 211756 - su segfaults on bad password with pam_krb5

Summary:	su segfaults on bad password with pam_krb5

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	pam (Show other bugs)
Sub Component:
Version:	rawhide
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Nalin Dahyabhai
QA Contact:	Brian Brock
Docs Contact:

URL:
Whiteboard:
Keywords:

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2006-10-21 18:06 EDT by W. Michael Petullo
Modified:	2008-03-27 09:02 EDT (History)
CC List:	3 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2008-03-27 08:50:48 EDT
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description W. Michael Petullo 2006-10-21 18:06:30 EDT

Description of problem:
The su command segfaults if I configure PAM to authenticate using Kerberos and
provide an incorrect password.

Version-Release number of selected component (if applicable):
coreutils-5.97-11

How reproducible:
Every time

Steps to Reproduce:
1. Configure PAM as below.
2. su - someuser
3. Enter an incorrect password
  
Actual results:
Segmentation fault

Expected results:
The su utility should refuse to authenticate user and not segfault.

Additional info:
auth        required      /lib/security/$ISA/pam_env.so
auth        optional      /lib/security/$ISA/pam_keyring.so
auth        sufficient    /lib/security/$ISA/pam_unix.so use_first_pass
auth        [authinfo_unavail=ignore success=1 default=2]
/lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so
[...]

If I remove the line for pam_krb5.so then su will not segfault.

(gdb) run - mike
Starting program: /bin/su - mike
[Thread debugging using libthread_db enabled]
[New Thread 805494224 (LWP 2555)]
Error while reading shared library symbols:
Cannot find new threads: generic error
Password: 

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 805494224 (LWP 2555)]
0x07fd60d0 in _pam_dispatch () from /lib/libpam.so.0
(gdb) ba
#0  0x07fd60d0 in _pam_dispatch () from /lib/libpam.so.0
#1  0x07fd55d8 in pam_authenticate () from /lib/libpam.so.0
#2  0x08003838 in main (argc=3, argv=0x7f8d54b4) at su.c:364
#3  0x07dc0d4c in generic_start_main () from /lib/libc.so.6
#4  0x07dc0f74 in __libc_start_main () from /lib/libc.so.6
#5  0x00000000 in ?? ()
(gdb)

Comment 1 Tim Waugh 2006-10-22 05:29:22 EDT

If all you've changed is the pam config then it sounds like a pam_krb5 bug. 
Reassigning..

Comment 2 W. Michael Petullo 2006-10-22 14:19:11 EDT

Is this a bug in the pam library instead?  I have used [authinfo_unavail=ignore
success=1 default=2], however, there is not enough auth modules listed to jump
down two levels in the stack.

I realize that this configuration is not quite right.  However, su certainly
should not segfault!

Comment 3 Tim Waugh 2006-10-23 06:31:49 EDT

su isn't -- pam_krb5.so (which it dynamically loads) is, from the sound of it.

Comment 4 Tomas Mraz 2008-03-27 08:50:48 EDT

This is fixed in Linux-PAM-0.99.10.0 which is in rawhide.

Note You need to log in before you can comment on or make changes to this bug.