I'm attaching a reproducible segfault of dovecot-auth that occurs if a user connects who has a private key in his .ssh dir thus triggering pam-ssh passphrase feature. My pam is compiled with ssh support so this may be the key to this bug. I'm also using dovecot mysql auth for virtual users where the problem does not trigger - works like a charm there.

Reproducible: Always

Steps to Reproduce:
1. emerge ssh-enabled pam
2. emerge dovecot
3. create user with ssh key pair
4. try to login into dovecot, dovecot-auth crashes

Actual Results:
This is what dmesg says:
[83675.808413] dovecot-auth[28128]: segfault at 4b204554 ip 12a6beb7 sp 589f21b0 error 4 in dovecot-auth[12a3e000+54000]
[83675.808456] grsec: signal 11 sent to /usr/libexec/dovecot/dovecot-auth[dovecot-auth:28128] uid/euid:0/1000 gid/egid:0/1017, parent /usr/sbin/dovecot[dovecot:8378] uid/euid:0/0 gid/egid:0/0

Expected Results:
dovecot-auth should not crash.

Installed and involved software:
[ebuild R ] sys-libs/pam-1.0.4 USE="audit cracklib nls vim-syntax (-selinux) -test" 0 kB
[ebuild R ] net-misc/openssh-5.2_p1-r1 USE="hpn pam pkcs11 tcpd -X -X509 -kerberos -ldap -libedit (-selinux) -skey -smartcard -static" 0 kB
[ebuild R ] net-mail/dovecot-1.1.7-r1 USE="berkdb managesieve mysql pam pop3d sieve sqlite3 ssl -debug -doc -ipv6 -kerberos -ldap -mbox -postgres -suid -vpopmail" 0 kB

See strace attachment...
Created attachment 195333 [details] partial strace log of dovecot-auth (v1.1.7-r1)
Sorry, two more ebuild versions involved:
[ebuild R ] sys-auth/pam_ssh-1.92 0 kB
[ebuild R ] sys-auth/pambase-20081028 USE="cracklib sha512 ssh -consolekit -debug -gnome-keyring -mktemp -passwdqc (-selinux)" 0 kB
Got hit by the same bug. I re-merged pambase with USE="-ssh" and I was able to authenticate again.
Hit the same one here. I suspect this is a bug that must be solved upstream. Kai: I see you are running a grsec kernel. In this case you can work around this by hiding the .ssh directory of the user for the dovecot-auth process. Regards, Dw.
(In reply to comment #4)
> Kai: I see you are running a grsec kernel. In this case you can workaround this
> by hiding the .ssh directory of the user for the dovecot-auth process.
While that would work, I would consider that a Würg-Around (spoken in German words, means ugly work around). It's not a very big problem, just one user of about 1000 is affected - and that one is just me. ;-)
Do you still have this problem with a current version of dovecot?
I'm closing this bug because it is for a pretty old version and there isn't any activity on this bug. Feel free to re-open for the current stable version (1.2.11-r1) or newer. Thanks for understanding.
it's caused by pam_ssh, if you remove that from the setup, things work fine. yes, it still crashed a couple months ago.
This is still an issue with 1.2.11. I will soon try to create a coredump. (since I found out that it works when one enables suid coredumps) I reopen this bug assuming 1.2.11 being still pretty current on production systems. In reply to comment #8: I want to keep pam_ssh - so this is not an option. BTW: I don't think it is a proper solution to remove software that was installed on intent.
i fully agree, i simply ran out of time for debugging what the bad data was that pam_ssh was handing back to dovecot that made it crash. i suspect a null value
(In reply to comment #10)
> i fully agree, i simply ran out of time for debugging what the bad data was
> that pam_ssh was handing back to dovecot that made it crash. i suspect a null
> value
As far as I figured out the chat parser of dovecot does not handle that pam_ssh yields "Passphrase" instead of "Password" as the password prompt.
Created attachment 238747 [details] Backtrace of dovecot-auth
According to the backtrace the error is within pam_ssh. I removed my username and password from it.
I changed the summary to reflect my current setup
(In reply to comment #12)
> According to the backtrace the error is within pam_ssh.
In that case, pam herd should have a look. Reassigning.
Created attachment 241717 [details, diff] pam_ssh-1.97-dovecot.patch
Created attachment 241719 [details] pam_ssh-1.97-r2.ebuild Please check the attached ebuild and patch. For your ref, diff for the ebuild: --- pam_ssh-1.97-r1.ebuild 2010-03-31 02:36:03.000000000 +0000 +++ pam_ssh-1.97-r2.ebuild 2010-08-07 06:38:49.000000000 +0000 @@ -1,6 +1,6 @@ # Copyright 1999-2010 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/sys-auth/pam_ssh/pam_ssh-1.97-r1.ebuild,v 1.7 2010/01/17 05:31:51 abcd Exp $ +# $Header: $ EAPI=2 @@ -12,7 +12,8 @@ LICENSE="BSD as-is" SLOT="0" -KEYWORDS="alpha amd64 arm hppa ia64 m68k ~mips ppc ppc64 s390 sh sparc x86 ~amd64-linux ~ia64-linux ~x86-linux" +KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh +~sparc ~x86 ~amd64-linux ~ia64-linux ~x86-linux" IUSE="" # Doesn't work on OpenPAM. @@ -24,13 +25,13 @@ src_prepare() { epatch "${FILESDIR}/${P}-doublefree.patch" + epatch "${FILESDIR}/${P}-dovecot.patch" eautoreconf } src_configure() { econf \ - "--with-pam-dir=$(getpam_mod_dir)" \ - || die "econf failed" + "--with-pam-dir=$(getpam_mod_dir)" } src_install() {
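Review bot: in the second hunk (@@ -12,7 +12,8 @@) the new KEYWORDS value is split across two lines, with the break falling after ~sh. Keep the assignment on a single line, as the line it replaces was, so the keyword list stays easy to grep and to edit.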
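Review bot: in the src_prepare() hunk the added epatch "${FILESDIR}/${P}-dovecot.patch" line has no comment saying what the patch works around. Add a one-line comment above it naming the problem and this bug, so the patch can be dropped once it is no longer needed. The removal of || die "econf failed" in src_configure() is unrelated to the dovecot patch and would be easier to review as a separate change.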
Comment on attachment 241717 [details, diff] pam_ssh-1.97-dovecot.patch
Ehm, a bit too hacky... why did you do that? Does it have problems with symbol collisions? In that case we have better solutions anyway.
Both pam_ssh and dovecot have buffer_free() leading to a collision. True, hacky indeed but... I am open to suggestions.
Okay... I'll come up with a saner solution for pam_ssh, but that package really needs some help upstream.
Fixed by hiding all the non-PAM-related symbols from the export via LD versioning script.
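The fix named in the comment above, a linker version script that exports only the PAM entry points, shown as an added example; it is not the change that was committed and not part of the original thread. mod.c is a constructed stand-in for pam_ssh, the names pam.map, build_and_list, default_exports and hidden_exports are hypothetical, and a GNU toolchain (cc, ld, nm) is assumed.

```shell
#!/bin/sh
# Constructed demo, not pam_ssh's real source: a stand-in PAM module that
# carries an internal helper named buffer_free(), the name that collided.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

cat > "$workdir/mod.c" <<'EOF'
/* internal helper; the host program has its own function with this name */
void buffer_free(void *b) { (void)b; }
/* the kind of entry point a PAM module has to export */
int pam_sm_authenticate(void *pamh, int flags, int argc, const char **argv)
{ (void)flags; (void)argc; (void)argv; buffer_free(pamh); return 0; }
EOF

# Version script (hypothetical file name): keep pam_sm_* global and make
# every other symbol local, so it never reaches the dynamic symbol table.
cat > "$workdir/pam.map" <<'EOF'
{
    global: pam_sm_*;
    local:  *;
};
EOF

# build_and_list NAME [extra cc flags...]
# Builds NAME.so from mod.c and prints its defined dynamic symbols.
build_and_list() {
    name=$1; shift
    cc -shared -fPIC "$@" -o "$workdir/$name.so" "$workdir/mod.c" || return 1
    nm -D --defined-only "$workdir/$name.so" | awk '{print $NF}' | sort
}

default_exports() { build_and_list default; }
hidden_exports()  { build_and_list hidden "-Wl,--version-script=$workdir/pam.map"; }

echo "exported without version script:"; default_exports
echo "exported with version script:";    hidden_exports
```

Running the same nm -D --defined-only check against an installed PAM module shows whether it still exports helpers that could clash with the program loading it.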
Noted the solution. Thanks. Point taken. Do we need to inherit flag-o-matic?
I thought I did ... d'oh!
Looks like this fixes the problems with dovecot-auth. Thanks!