Your message dated Mon, 6 Nov 2006 04:15:03 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#347338: problem fixed with 0.79-4
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Subject: libpam-modules: pam_tally segfaults
Package: libpam-modules
Version: 0.79-3
Severity: important
With this in /etc/pam.d/common-account:
account required pam_tally.so
and this in /etc/pam.d/common-auth:
auth required pam_tally.so onerr=fail deny=5
ftp and console logins fail, su doesn't work, and sudo fails if it has to
ask for a password, as the calling process segfaults inside pam_tally's
pam_sm_setcred() function..
Without the account phase, there's no segfault, but the tally is not
reset after a successful ssh login, or after authenticating for sudo.
What appears to be happening is that tally_set_data() is called from
pam_sm_authenticate(), then tally_get_data() is called from
pam_sm_acct_mgmt(), and again from pam_sm_setcred(). tally_get_data() sets
the data pointer to NULL, so when the second call blindly dereferences
the pointer it gets back from pam_get_data(), it segfaults.
This trivial patch appears to fix it for me, and the resulting
pam_tally.so binary has the desired behaviour for every type of login I
can be bothered checking.
--- pam-0.79/Linux-PAM/modules/pam_tally/pam_tally.c 2006-01-10
16:35:32.000000000 +1000
+++ pam-0.79.fix/Linux-PAM/modules/pam_tally/pam_tally.c 2006-01-10
16:29:01.000000000 +1000
@@ -268,7 +268,7 @@
const void *data;
rv = pam_get_data(pamh, MODULE_NAME, &data);
- if ( rv == PAM_SUCCESS && oldtime != NULL ) {
+ if ( rv == PAM_SUCCESS && oldtime != NULL && data != NULL ) {
*oldtime = *(const time_t *)data;
pam_set_data(pamh, MODULE_NAME, NULL, NULL);
}
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (990, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14
Locale: LANG=C, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libpam-modules depends on:
ii libc6 2.3.5-11 GNU C Library: Shared libraries an
ii libcap1 1:1.10-14 support for getting/setting POSIX.
ii libdb4.3 4.3.29-3 Berkeley v4.3 Database Libraries [
ii libpam0g 0.79-3 Pluggable Authentication Modules l
ii libselinux1 1.28-2 SELinux shared libraries
libpam-modules recommends no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Version: 0.79-4
On Mon, Nov 06, 2006 at 10:24:40AM +0100, Christian Bornträger wrote:
> This problem seems fixed by the same patch which fixed 335273.
> I think you can close this issue.
Thanks, marking the bug as done in this version.
Cheers,
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
[EMAIL PROTECTED] http://www.debian.org/
--- End Message ---
