pam-0.79: Bug in pam_tally:tally_get_data?

Andreas Haumer andreas at xss.co.at
Mon Jun 27 09:43:25 UTC 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi!

I'm currently hunting a bug after upgrading to pam-0.79 and I'm
wondering if anyone has found similar problems.

Symptom: programs using the pam_tally module (like login)
are crashing with SIGSEGV in the tally_get_data function.

Look at the following gdb session:

root at tolstoi:/work/shadow-4.0.7/src {633} $ gdb login
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i686-pc-linux-gnu"...Using host libthread_db library "/lib/libthread_db.so.1".

(gdb) r andreas
Starting program: /work/shadow-4.0.7/src/login andreas
Password:

Program received signal SIGSEGV, Segmentation fault.
0x401da219 in tally_get_data () from /lib/security/pam_tally.so
(gdb) bt
#0  0x401da219 in tally_get_data () from /lib/security/pam_tally.so
#1  0x401dac1a in pam_sm_setcred () from /lib/security/pam_tally.so
#2  0x400479e5 in _pam_dispatch_aux () from /lib/libpam.so.0
#3  0x40047b60 in _pam_dispatch () from /lib/libpam.so.0
#4  0x40049992 in pam_setcred () from /lib/libpam.so.0
#5  0x0804a8d6 in main (argc=5, argv=0xbfffecc4) at login.c:796

This crash happens with the login program from the shadow-4.0.7
and shadow-4.0.9 packages (these are the only versions I have tested).
I'm using Linux with glibc-2.3.5 and kernel 2.4.31, if that matters.

If I replace the pam_tally module with the module from pam-0.78,
everything is fine. Also, when I remove the pam_tally module from
the pam stack, the segmentation fault disappears even with pam-0.79

It seems the major rewrite of the pam_tally module in pam-0.79
has introduced some problems...

HTH

- - andreas

PS: While hunting this bug, I found that the online documentation
of the pam_tally module as found on the PAM website at kernel.org
is outdated, as some options have changed name and/or semantics
during the rewrite im pam-0.79.

- --
Andreas Haumer                     | mailto:andreas at xss.co.at
*x Software + Systeme              | http://www.xss.co.at/
Karmarschgasse 51/2/20             | Tel: +43-1-6060114-0
A-1100 Vienna, Austria             | Fax: +43-1-6060114-71

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCv8o6xJmyeGcXPhERAuKyAJ4kBKE6XQkv20xtQYgosvlA5kSLegCghjX/
R5kRJOmLeOGBiY8MU7EbGzU=
=i/Ki
-----END PGP SIGNATURE-----

More information about the Pam-list mailing list