[Pkg-samba-maint] Bug#434372: Bug#434372: pam_smbpass.so cause segfault for 'root' user

Steve Langasek vorlon at debian.org
Fri Jul 27 20:13:33 UTC 2007 

On Mon, Jul 23, 2007 at 01:53:55PM +0200, Zdenek Kabelac wrote:
> Package: libpam-smbpass
> Version: 3.0.25b-1+b1
> Severity: normal

> On my system I'm using this line in my common-auth pam module:

> auth    optional        pam_smbpass.so migrate

> and when I try tu use 'su' command to become root and I do
> not insert correct root password - then su cause segfaul
> (with correct password - there are no problems)

Ok, the first problem seems to be this -- in order to get the error in
question, your PAM config must be as follows:

auth    require         pam_unix.so nullok_secure
auth    optional        pam_smbpass.so migrate

This is wrong, you *must not* use 'require' for the first module in the
stack, it must be 'requisite' instead.  If you use 'require', the following
module will still be called even if the first module fails, and you don't
want that; you only want the following module to be called if the first
module *succeeds*, to avoid populating the smbpasswd database with passwords
from failed authentication attempts.

And that fix happens to be sufficient to eliminate the symptoms of your
problem, so I would recommend doing that. :)

The bug itself is a bit more subtle.  The problem is that both pam_smbpass
and su try to use syslog, and if pam_smbpass gets called, it messes up the
syslogging for the application, leading to the segfault.

This looks like a rehash of a discussion I had with the PAM upstream years
and years ago, that pam_smbpass was simply never fixed to deal with.  I
should be able to put a fix together fairly quickly now that I'm aware of
the problem.

> I'm adding gdb output - though I'm not sure how usable
> this could be. 

Not on its own, but thanks for the effort -- to get a good backtrace you
really need to rebuild su with debugging symbols enabled. :)

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon at debian.org                                   http://www.debian.org/

More information about the Pkg-samba-maint mailing list