Bug 6191 - su: Segmentation fault
Summary: su: Segmentation fault
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam
Version: 6.1
Hardware: i386
OS: Linux
high
high
Target Milestone: ---
Assignee: Cristian Gafton
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 1999-10-21 17:31 UTC by vadim
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2000-02-05 22:13:27 UTC
Embargoed:


Attachments (Terms of Use)

Description vadim 1999-10-21 17:31:14 UTC
Redhat 6.1 standart configuration from CD, (ISO from
ftp.sunet.se)

PC: Intel Pentium III 450 MHz, 256 RAM, SCSI hard drive, S3
TrioV2 video adapter.

When run as normal user "su" - receive "Segmentation fault"

Comment 1 vadim 1999-10-22 08:56:59 UTC
problem only with certain types telnet programs.
RedHat 5.2, Slackware 4.0 - such problems have not.

Comment 2 Tomasz Kepczynski 1999-12-21 08:12:59 UTC
I have seen very similar problem but for root user. 'su' command without '-'
(like for example 'su news') ends up with segmentation fault (but I wasn't able
to produce core dump even with unlimited coredumpsize). 'su - news' works
fine.
'su' itself from normal user account prompts for password and works fine.
This bug causes segfault from '/etc/cron.daily/slrnpull-expire'.
The problem shows itself when logged on console and from kdm. I haven't tried
remote logins nor gdm.

Comment 3 Tomasz Kepczynski 2000-01-13 19:58:59 UTC
The problem seems to be related to pam_xauth module and probably should be
solved there. To reproduce a fault you need two things: be logged as root and
have empty DISPLAY variable (so that getenv("DISPLAY") returns empty string,
not NULL). Then try su anybody and thats it.
I suppose the problem lies in pam_xauth.c at line 484 when you try to
free the pointer returned by getenv. I am quite sure you can't do that (but
man page doesn't say a word about it).
pam is pam 0.68-7

Comment 4 Nalin Dahyabhai 2000-02-05 22:13:59 UTC
tomkep hit it exactly.  This will be fixed in pam-0.72-6 and later in
Raw Hide and future releases.


Note You need to log in before you can comment on or make changes to this bug.