sudo 1.6.9 segfault
Tom McLaughlin
tmclaugh at sdf.lonestar.org
Mon Jul 23 02:06:12 UTC 2007
On Sun, 2007-07-22 at 09:09 +0600, yarodin wrote:
> В сообщении от Saturday 21 July 2007 23:19:35 вы написали:
> > On Sat, 2007-07-21 at 16:39 +0600, yarodin wrote:
> > > Jul 21 15:12:01 home sudo: admin : TTY=unknown ; PWD=/home/admin ;
> > > USER=root ; COMMAND=/sbin/ipfw
> > > Jul 21 15:12:36 home kernel: pid 42226 (sudo), uid 0: exited on signal 11
> >
> > I need a little more information.
> >
> > sudoers:
> > tom LOCAL = NOPASSWD: /sbin/ipfw
> >
> > [tom at releng-7-fbsd tom]$ sudo ipfw
> > Last login: Sat Jul 21 13:09:52 on ttyp0
> > usage: ipfw [options]
> > do "ipfw -h" or see ipfw manpage for details
> >
> > What options are you using in the port? What does your sudoers look
> > like? Also, I'm curious why TTY would show up as unknown in the log.
> >
> > tom
>
> Subject: Re: 1.6.9 crash on freebsd 6-stable
> From: "Todd C. Miller" <Todd.Miller at courtesan.com>
> To: yarodin at gmail.com
> Date: 21/07/07 21:14
>
> Thanks for the stack trace. I believe the problem is that the
> pam_sm_close_session function in pam_lastlog.c does not check that
>
> pam_get_item(pamh, PAM_TTY, (const void **)&tty);
>
> succeeded before using the tty variable. In the case of kdesu there
> is probably no tty so that variable is being used uninitialized.
> This is really a FreeBSD bug; there is a check in pam_sm_open_session
> that is missing in the pam_sm_close_session code.
>
> I've included two diffs. One is a work-around for sudo, the other
> a fix for the FreeBSD issue. If you could file a bug with FreeBSD
> and include the fix I'd appreciate it.
>
> - todd
>
Awesome. I'll commit the sudo patch shortly. I have just one other
issues to look at which I'm almost done with figuring out. I'll also
file a PR for libpam.
tom
> Index: lib/libpam/modules/pam_lastlog/pam_lastlog.c
> ===================================================================
> RCS file: /home/cvs/freebsd/src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v
> retrieving revision 1.21
> diff -u -r1.21 pam_lastlog.c
> --- lib/libpam/modules/pam_lastlog/pam_lastlog.c 11 Aug 2006
> 17:03:33 -0000 1.21
> +++ lib/libpam/modules/pam_lastlog/pam_lastlog.c 21 Jul 2007
> 15:11:39 -0000
> @@ -177,9 +177,12 @@
> pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused,
> int argc __unused, const char *argv[] __unused)
> {
> + int pam_err;
> const void *tty;
>
> - pam_get_item(pamh, PAM_TTY, (const void **)&tty);
> + pam_err = pam_get_item(pamh, PAM_TTY, (const void **)&tty);
> + if (pam_err != PAM_SUCCESS)
> + goto err;
> if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
> tty = (const char *)tty + strlen(_PATH_DEV);
> if (*(const char *)tty == '\0')
> @@ -189,6 +192,10 @@
> __func__, (const char *)tty);
> logwtmp(tty, "", "");
> return (PAM_SUCCESS);
> +err:
> + if (openpam_get_option(pamh, "no_fail"))
> + return (PAM_SUCCESS);
> + return (pam_err);
> }
>
> PAM_MODULE_ENTRY("pam_lastlog");
>
> ===================================================================
> --- auth/pam.c.orig Tue Jun 12 07:41:12 2007
> +++ auth/pam.c Sat Jul 21 22:31:43 2007
> @@ -94,7 +94,9 @@
> log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
> return(AUTH_FATAL);
> }
> - if (strcmp(user_tty, "unknown"))
> + if (strcmp(user_tty, "unknown") == 0)
> + (void) pam_set_item(pamh, PAM_TTY, "");
> + else
> (void) pam_set_item(pamh, PAM_TTY, user_tty);
>
> return(AUTH_SUCCESS);
--
| tmclaugh at sdf.lonestar.org tmclaugh at FreeBSD.org |
| FreeBSD http://www.FreeBSD.org |
More information about the freebsd-ports
mailing list