66919 2004-10-09 13:56 0000 pam_krb5 segfaults on logout when used in proftpd 2005-06-30 15:53:31 0000 1 1 1 Unclassified Gentoo Linux Applications unspecified All Linux RESOLVED FIXED P2 minor --- 1 christophe@saout.de rphillips@gentoo.org christophe@saout.de 2004-10-09 13:56:21 0000 I spent the evening tracking down this bug. I am using AuthPAM with proftpd and pam_krb5. proftpd always segfaults after logout, and lastlog then tells the user has gone without logout. Great... :) Well, the problem is that proftpd does a chroot and then calls PAM_DELETE_CREDS. pam_krb5 tries to get the default krb5 realm and fails (because it can't access its config file due to chroot), the field is uninitialized, points into Nirvana and boom. I've attached a patch that explicitly sets it to "" (empty string, better than nothing) before getting the default realm so that at it doesn't crash anymore. Reproducible: Always Steps to Reproduce: 1. 2. 3. christophe@saout.de 2004-10-09 14:07:08 0000 Created an attachment (id=41434) Workaround for pam_krb5 to not segfault when unable to get default realm (like in a chroot environment) christophe@saout.de 2004-10-09 14:08:24 0000 Created an attachment (id=41435) Workaround for pam_krb5 to not segfault when unable to get default realm (like in a chroot environment) Sorry, wrong patch... this one is the working one. rphillips@gentoo.org 2005-06-30 15:53:31 0000 Committed. Thanks 41434 2004-10-09 14:07 0000 Workaround for pam_krb5 to not segfault when unable to get default realm (like in a chroot environment) pam_krb5_snap-2003.06.01-realm-empty.patch text/plain ZGlmZiAtTnVyIHBhbV9rcmI1X3NuYXAtMjAwMy4wNi4wMS5vcmlnL3BhbV9rcmI1YWZzLmMgcGFt X2tyYjVfc25hcC0yMDAzLjA2LjAxL3BhbV9rcmI1YWZzLmMKLS0tIHBhbV9rcmI1X3NuYXAtMjAw My4wNi4wMS5vcmlnL3BhbV9rcmI1YWZzLmMJMjAwMy0wNi0wMSAyMzo0Mjo0NS4wMDAwMDAwMDAg KzAyMDAKKysrIHBhbV9rcmI1X3NuYXAtMjAwMy4wNi4wMS9wYW1fa3JiNWFmcy5jCTIwMDQtMTAt MDkgMjI6MzE6MjIuMTM0MzIyMjQ5ICswMjAwCkBAIC0xMDg5LDYgKzEwODksNyBAQAogCQkJICAg cmV0LT5yZXRhaW5fdG9rZW4sICZyZXQtPnJldGFpbl90b2tlbik7CiAKIAkvKiBUaGUgZGVmYXVs dCByZWFsbSB3ZSBhc3N1bWUgdXNlcnMgYXJlIGluIHVubGVzcyB0b2xkIG90aGVyd2lzZS4gKi8K KwlyZXQtPnJlYWxtWzBdID0gMDsKIAlrcmI1X2dldF9kZWZhdWx0X3JlYWxtKGNvbnRleHQsICZy ZXQtPnJlYWxtKTsKIAlhcHBkZWZhdWx0X3N0cmluZyhjb250ZXh0LCAicmVhbG0iLCBhcmdjLCBh cmd2LAogCQkJICByZXQtPnJlYWxtLCAmcmV0LT5yZWFsbSk7Cg== 41435 2004-10-09 14:08 0000 Workaround for pam_krb5 to not segfault when unable to get default realm (like in a chroot environment) pam_krb5_snap-2003.06.01-realm-empty.patch text/plain ZGlmZiAtTnVyIHBhbV9rcmI1X3NuYXAtMjAwMy4wNi4wMS5vcmlnL3BhbV9rcmI1YWZzLmMgcGFt X2tyYjVfc25hcC0yMDAzLjA2LjAxL3BhbV9rcmI1YWZzLmMKLS0tIHBhbV9rcmI1X3NuYXAtMjAw My4wNi4wMS5vcmlnL3BhbV9rcmI1YWZzLmMJMjAwMy0wNi0wMSAyMzo0Mjo0NS4wMDAwMDAwMDAg KzAyMDAKKysrIHBhbV9rcmI1X3NuYXAtMjAwMy4wNi4wMS9wYW1fa3JiNWFmcy5jCTIwMDQtMTAt MDkgMjI6MzE6MjIuMTM0MzIyMjQ5ICswMjAwCkBAIC0xMDg5LDYgKzEwODksNyBAQAogCQkJICAg cmV0LT5yZXRhaW5fdG9rZW4sICZyZXQtPnJldGFpbl90b2tlbik7CiAKIAkvKiBUaGUgZGVmYXVs dCByZWFsbSB3ZSBhc3N1bWUgdXNlcnMgYXJlIGluIHVubGVzcyB0b2xkIG90aGVyd2lzZS4gKi8K KwlyZXQtPnJlYWxtID0gIiI7CiAJa3JiNV9nZXRfZGVmYXVsdF9yZWFsbShjb250ZXh0LCAmcmV0 LT5yZWFsbSk7CiAJYXBwZGVmYXVsdF9zdHJpbmcoY29udGV4dCwgInJlYWxtIiwgYXJnYywgYXJn diwKIAkJCSAgcmV0LT5yZWFsbSwgJnJldC0+cmVhbG0pOwo=