From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20020724

Description of problem:
If pam_wheel is used without the use_uid argument, and if it is used in an environment where getlogin() fails (and thus returns null), the process gets a segmentation fault.

Version-Release number of selected component (if applicable):
0.75-40

How reproducible:
Always

Steps to Reproduce:
1. Enter a line like this in /etc/pam.d/su. (Note, no use_uid!)
   auth required /lib/security/pam_wheel.so
2. Run "xterm -ut"
3. In this xterm, do "su" from one ordinary user to another.

Actual Results:
Segmentation violation

Expected Results:
I guess pam_wheel should deny access in this case, but it should do so in an orderly way.

Additional info:
The reason is that the return value from getlogin() is used directly in a call to _pam_getpwnam_r() without checking it first. Afterwards the returned value is checked, but that is too late. The attached patch suggests a trivial solution.
Created attachment 74644
Patch to avoid this segmentation violation.
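The ordering problem described in the report, shown as an added example; this is not the attached patch and not pam_wheel's code. The function name `resolve_from_user` and the status enum are hypothetical, and the standard `getpwnam_r()` stands in for `_pam_getpwnam_r()`.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this sketch (not pam_wheel's own). */
enum from_user_status {
    FROM_USER_OK = 0,    /* login name resolved to a passwd entry */
    FROM_USER_NO_LOGIN,  /* getlogin() gave NULL or "": deny */
    FROM_USER_UNKNOWN    /* name not found, or lookup error: deny */
};

/*
 * Resolve the invoking user from a getlogin()-style result.
 * `login` is NULL when getlogin() fails, as in the report's
 * "xterm -ut" case, so it is tested before any lookup uses it.
 */
enum from_user_status resolve_from_user(const char *login, uid_t *uid_out)
{
    struct passwd pwd, *result = NULL;
    char buf[4096];

    /* The check the report says is missing: validate first. */
    if (login == NULL || login[0] == '\0')
        return FROM_USER_NO_LOGIN;

    /* Nonzero return is a lookup error; result == NULL is "no such user". */
    if (getpwnam_r(login, &pwd, buf, sizeof buf, &result) != 0 || result == NULL)
        return FROM_USER_UNKNOWN;

    if (uid_out != NULL)
        *uid_out = result->pw_uid;
    return FROM_USER_OK;
}

int main(void)
{
    uid_t uid = 0;
    enum from_user_status st = resolve_from_user(getlogin(), &uid);

    if (st != FROM_USER_OK) {
        /* Orderly denial instead of a crash. */
        fprintf(stderr, "deny: cannot determine invoking user (status %d)\n", st);
        return 1;
    }
    printf("invoking user has uid %lu\n", (unsigned long)uid);
    return 0;
}
```

Both failure statuses are treated as a denial, which matches the expected result stated in the report.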