Bug#434372: [Pkg-samba-maint] Bug#434372: pam_smbpass.so cause segfault for 'root' user
First thanks for the hint with 'optional' - I was not an expert in pam setting - I've only seen the crash of 'su' and tried to solve it ;) As a side effect of that discussion, do you think that adding libpam-smbpass to samba-dbg would be a good idea? I did so in my test package which I pointed Zdenek to (which is useless...). Also, maybe building -dbg versions of the login and passwd packages would be a good idea, then. I happen to know the shadow package maintainer..:-) I'm not sure if especially in this case the -dbg version would have helped, but in general I guess it might be helpful for some special occasions. bye kabi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#434372: [Pkg-samba-maint] Bug#434372: pam_smbpass.so cause segfault for 'root' user
I'm adding gdb output - though I'm not sure how usable this could be. Not on its own, but thanks for the effort -- to get a good backtrace you really need to rebuild su with debugging symbols enabled. :) As a side effect of that discussion, do you think that adding libpam-smbpass to samba-dbg would be a good idea? I did so in my test package which I pointed Zdenek to (which is useless...). Also, maybe building -dbg versions of the login and passwd packages would be a good idea, then. I happen to know the shadow package maintainer..:-) signature.asc Description: Digital signature
Bug#434372: [Pkg-samba-maint] Bug#434372: pam_smbpass.so cause segfault for 'root' user
On Sat, Jul 28, 2007 at 08:22:07AM +0200, Christian Perrier wrote: I'm adding gdb output - though I'm not sure how usable this could be. Not on its own, but thanks for the effort -- to get a good backtrace you really need to rebuild su with debugging symbols enabled. :) As a side effect of that discussion, do you think that adding libpam-smbpass to samba-dbg would be a good idea? Not really, I think it'd be wasted space. Consider the number of bugs with backtraces we've had over the years for smbd, vs. pam_smbpass. And as seen, in this case the segfault didn't happen in pam_smbpass itself anyway. :) Also, maybe building -dbg versions of the login and passwd packages would be a good idea, then. I happen to know the shadow package maintainer..:-) Heh, or we could adopt the Ubuntu mechanism of centrally storing debugging symbols on a separate server for all packages. :) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#434372: [Pkg-samba-maint] Bug#434372: pam_smbpass.so cause segfault for 'root' user
On Mon, Jul 23, 2007 at 01:53:55PM +0200, Zdenek Kabelac wrote: Package: libpam-smbpass Version: 3.0.25b-1+b1 Severity: normal On my system I'm using this line in my common-auth pam module: authoptionalpam_smbpass.so migrate and when I try tu use 'su' command to become root and I do not insert correct root password - then su cause segfaul (with correct password - there are no problems) Ok, the first problem seems to be this -- in order to get the error in question, your PAM config must be as follows: authrequire pam_unix.so nullok_secure authoptionalpam_smbpass.so migrate This is wrong, you *must not* use 'require' for the first module in the stack, it must be 'requisite' instead. If you use 'require', the following module will still be called even if the first module fails, and you don't want that; you only want the following module to be called if the first module *succeeds*, to avoid populating the smbpasswd database with passwords from failed authentication attempts. And that fix happens to be sufficient to eliminate the symptoms of your problem, so I would recommend doing that. :) The bug itself is a bit more subtle. The problem is that both pam_smbpass and su try to use syslog, and if pam_smbpass gets called, it messes up the syslogging for the application, leading to the segfault. This looks like a rehash of a discussion I had with the PAM upstream years and years ago, that pam_smbpass was simply never fixed to deal with. I should be able to put a fix together fairly quickly now that I'm aware of the problem. I'm adding gdb output - though I'm not sure how usable this could be. Not on its own, but thanks for the effort -- to get a good backtrace you really need to rebuild su with debugging symbols enabled. :) -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
