[Bug 263893] pam_exec.so in auth stack with expose_authtok option makes su segfault

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 263893] pam_exec.so in auth stack with expose_authtok option makes su segfault"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 263893] pam_exec.so in auth stack with expose_authtok option makes su segfault"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 263893] pam_exec.so in auth stack with expose_authtok option makes su segfault"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 10 May 2022 10:43:38 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263893

            Bug ID: 263893
           Summary: pam_exec.so in auth stack with expose_authtok option
                    makes su segfault
           Product: Base System
           Version: 13.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: felix@palmen-it.de

su(1) segfaults when there's pam_exec.so in the "auth" stack with the option
expose_authtok.

To reproduce, use the following "auth" config in /etc/pam.d/system:

auth            sufficient      pam_exec.so             expose_authtok
/usr/bin/false
auth            required        pam_unix.so             use_first_pass nullok

When removing the 'use_first_pass' option from 'pam_unix.so', su asks for a
password a second time (as expected), but still segfaults.

When removing the 'expose_authtok' option from 'pam_exec.so', the segfault is
gone.

A lot of (probably irrelevant) context is here:
https://forums.freebsd.org/threads/su-segfaults-when-adding-some-custom-pam_exec-to-the-auth-stack.85112/

-- 
You are receiving this mail because:
You are the assignee for the bug.