Bug 476833 - "su" segfaults when "open_only" is used with "pam_tty_audit" in system-auth
"su" segfaults when "open_only" is used with "pam_tty_audit" in system-auth
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam (Show other bugs)
5.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: Tomas Mraz
BaseOS QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-12-17 07:57 EST by Olivier Fourdan
Modified: 2013-03-03 21:47 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-09-02 07:24:25 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Olivier Fourdan 2008-12-17 07:57:54 EST
Description of problem:

When "open_tty" is used with "pam_tty_audit" in system-auth, then "su" segfaults.

Version-Release number of selected component (if applicable):

pam-0.99.6.2-4.el5

How reproducible:

100% reproducible

Steps to Reproduce:
1. Add  "session required pam_tty_audit.so open_only enable=*" to /etc/pam.d/system-auth 
2. Type "su" as a regular user
3. Enter root passwd
  
Actual results:

~someuser $ su
Password: 
Segmentation fault
~someuser $

Expected results:

~someuser $ su
Password: 
~root #

Additional info:

Backtrace follows:

#0  0x00002b5b3a898f65 in _int_malloc () from /lib64/libc.so.6
(gdb) bt
#0  0x00002b5b3a898f65 in _int_malloc () from /lib64/libc.so.6
#1  0x00002b5b3a89b02a in malloc () from /lib64/libc.so.6
#2  0x00002b5b3a909ae0 in __nss_lookup_function () from /lib64/libc.so.6
#3  0x00002b5b3a8bd705 in internal_getgrouplist () from /lib64/libc.so.6
#4  0x00002b5b3a8bd92a in initgroups () from /lib64/libc.so.6
#5  0x00002b5b39bba772 in ?? () from /bin/su
#6  0x00002b5b39bbaec1 in main () from /bin/su
Comment 1 Tomas Mraz 2008-12-17 08:20:06 EST
There is a double free() in the pam_tty_audit when open_only is specified and the  auditing is already enabled before the su is run. As a workaround I'd suggest just not using the open_only option - it does not make much sense anyway.
Comment 7 errata-xmlrpc 2009-09-02 07:24:25 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1358.html

Note You need to log in before you can comment on or make changes to this bug.