Bug 211756 - su segfaults on bad password with pam_krb5
Summary: su segfaults on bad password with pam_krb5
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: pam
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2006-10-21 22:06 UTC by W. Michael Petullo
Modified: 2008-03-27 13:02 UTC (History)
3 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-03-27 12:50:48 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description W. Michael Petullo 2006-10-21 22:06:30 UTC
Description of problem:
The su command segfaults if I configure PAM to authenticate using Kerberos and
provide an incorrect password.

Version-Release number of selected component (if applicable):
coreutils-5.97-11

How reproducible:
Every time

Steps to Reproduce:
1. Configure PAM as below.
2. su - someuser
3. Enter an incorrect password
  
Actual results:
Segmentation fault

Expected results:
The su utility should refuse to authenticate user and not segfault.

Additional info:
auth        required      /lib/security/$ISA/pam_env.so
auth        optional      /lib/security/$ISA/pam_keyring.so
auth        sufficient    /lib/security/$ISA/pam_unix.so use_first_pass
auth        [authinfo_unavail=ignore success=1 default=2]
/lib/security/$ISA/pam_krb5.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so
[...]

If I remove the line for pam_krb5.so then su will not segfault.

(gdb) run - mike
Starting program: /bin/su - mike
[Thread debugging using libthread_db enabled]
[New Thread 805494224 (LWP 2555)]
Error while reading shared library symbols:
Cannot find new threads: generic error
Password: 

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 805494224 (LWP 2555)]
0x07fd60d0 in _pam_dispatch () from /lib/libpam.so.0
(gdb) ba
#0  0x07fd60d0 in _pam_dispatch () from /lib/libpam.so.0
#1  0x07fd55d8 in pam_authenticate () from /lib/libpam.so.0
#2  0x08003838 in main (argc=3, argv=0x7f8d54b4) at su.c:364
#3  0x07dc0d4c in generic_start_main () from /lib/libc.so.6
#4  0x07dc0f74 in __libc_start_main () from /lib/libc.so.6
#5  0x00000000 in ?? ()
(gdb)

Comment 1 Tim Waugh 2006-10-22 09:29:22 UTC
If all you've changed is the pam config then it sounds like a pam_krb5 bug. 
Reassigning..

Comment 2 W. Michael Petullo 2006-10-22 18:19:11 UTC
Is this a bug in the pam library instead?  I have used [authinfo_unavail=ignore
success=1 default=2], however, there is not enough auth modules listed to jump
down two levels in the stack.

I realize that this configuration is not quite right.  However, su certainly
should not segfault!

Comment 3 Tim Waugh 2006-10-23 10:31:49 UTC
su isn't -- pam_krb5.so (which it dynamically loads) is, from the sound of it.

Comment 4 Tomas Mraz 2008-03-27 12:50:48 UTC
This is fixed in Linux-PAM-0.99.10.0 which is in rawhide.



Note You need to log in before you can comment on or make changes to this bug.