Bug 255229

Summary:	<x11-misc/xlockmore-5.28 (possible) lock bypass
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	minor	CC:	coldwind, corsair, dertobi123, desktop-misc, fauli, fmccor, halcy0n, jer, josejx, keytoaster, maekke, nelchael, nixnut, omp, ranger, smithj, tanderson, tester, yngwin
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B4 [glsa]
Package list:		Runtime testing required:	---

Description Stefan Behte (RETIRED) gentoo-dev

2009-01-17 00:34:54 UTC

Don't know if it's public.
I had xlockmore installed with USE="pam", when trying to unlock, it has two password prompts - when pressing enter twice, it's unlocked, without the correct password.

Can anyone reproduce this?

[craig@d400 ~]$ emerge --info
Portage 2.1.6.4 (default/linux/x86/2008.0/desktop, gcc-4.1.2, glibc-2.6.1-r0, 2.6.28-gentoo i686)
=================================================================
System uname: Linux-2.6.28-gentoo-i686-Intel-R-_Pentium-R-_M_processor_1.60GHz-with-glibc2.0
Timestamp of tree: Sun, 11 Jan 2009 01:30:01 +0000
app-shells/bash:     3.2_p39
dev-java/java-config: 1.3.7-r1, 2.1.6-r1
dev-lang/python:     2.4.4-r14, 2.5.2-r7
dev-python/pycrypto: 2.0.1-r6
dev-util/cmake:      2.4.6-r1
sys-apps/baselayout: 1.12.11.1
sys-apps/sandbox:    1.2.18.1-r2
sys-devel/autoconf:  2.13, 2.63
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.0-r4
sys-devel/libtool:   1.5.26
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="x86"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium-m -pipe -fomit-frame-pointer"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/config"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo /etc/texmf/web2c /etc/udev/rules.d"
CXXFLAGS="-O2 -march=pentium-m -pipe -fomit-frame-pointer"
DISTDIR="/usr/portage/distfiles"
FEATURES="distlocks fixpackages parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ ftp://sunsite.informatik.rwth-aachen.de/pub/Linux/gentoo http://linux.rz.ruhr-uni-bochum.de/download/gentoo-mirror/ ftp://linux.rz.ruhr-uni-bochum.de/gentoo-mirror/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.uni-erlangen.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo ftp://ftp.wh2.tu-dresden.de/pub/mirrors/gentoo ftp://ftp.join.uni-muenster.de/pub/linux/distributions/gentoo http://mirrors.sec.informatik.tu-darmstadt.de/gentoo/ http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ ftp://ftp.gentoo.mesh-solutions.com/gentoo/ http://pandemonium.tiscali.de/pub/gentoo/ ftp://pandemonium.tiscali.de/pub/gentoo/ http://gentoo.intergenia.de "
LANG="de_DE@euro"
LC_ALL="de_DE@euro"
LDFLAGS="-Wl,-O1"
LINGUAS="de"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="X a52 aac acl acpi adns alsa apache2 berkdb bluetooth branding bzip2 cairo cdr cli cracklib crypt cups dri dvd dvdr dvdread eds emboss encode evo fam firefox fortran gdbm gif gpm gstreamer gtk hal iconv imlib ipv6 jpeg libnotify mad midi mikmod mmx mp3 mpeg mtrr mudflap ncurses nls nptl nptlonly nsplugin ogg opengl openmp pam pcre pdf perl php png ppds pppd python qt3 qt3support qt4 quicktime readline reflection samba sdl session snmp socks5 spell spl sse sse2 ssl startup-notification svg sysfs tcpd theora threads tiff truetype unicode usb userlocales utf8 vorbis wifi win32codecs x264 x86 xml xorg xulrunner xv xvid xvmc zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1 emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" USERLAND="GNU" VIDEO_CARDS="fbdev intel i810 vesa vga"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, MAKEOPTS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY

Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev

2009-03-07 19:55:53 UTC

Samuli, are you aware of this? can you reproduce? please advise.

Comment 2 Pierre-Yves Rofes (RETIRED) gentoo-dev

2009-04-19 18:18:53 UTC

(In reply to comment #1)
> Samuli, are you aware of this? can you reproduce? please advise.
> 

CC'ed the rest of desktop-misc@. guys, please advise.

Comment 3 Samuli Suominen (RETIRED) gentoo-dev

2009-04-29 20:44:04 UTC

(In reply to comment #1)
> Samuli, are you aware of this? can you reproduce? please advise.
> 

Sorry it took so long. I just added latest version, 5.28 in to portage and I can't reproduce this. I read from Debian bug tracking system that there is
another prob, where xlockmore crashes in approx. ~ 1 hour, possibly with GL
savers.

Anyway.. I don't have anything else to add at this time.

Comment 4 Stefan Behte (RETIRED) gentoo-dev

2009-05-10 17:51:12 UTC

I can reproduce this on 5.25:
xlock -mode blank
Press Enter at the first password prompt
Press Enter at the second password prompt (I wonder why there is a 2nd prompt now!)

then you get:

*** glibc detected *** xlock: double free or corruption (out): 0x00007fff849adfa0 ***
======= Backtrace: =========
/lib/libc.so.6[0x7fb87a8f019d]
/lib/libc.so.6(cfree+0x76)[0x7fb87a8f1be6]
/lib64/security/pam_unix.so[0x7fb874254733]
/lib64/security/pam_unix.so(pam_sm_authenticate+0x1f0)[0x7fb874253170]
/lib/libpam.so.0[0x7fb87ba8dc89]
/lib/libpam.so.0(pam_authenticate+0x43)[0x7fb87ba8d5a3]
xlock[0x40b95d]
xlock[0x408df5]
xlock[0x40b120]
/lib/libc.so.6(__libc_start_main+0xf4)[0x7fb87a89d4a4]
xlock(__gxx_personality_v0+0x221)[0x4060f9]
======= Memory map: ========
00400000-004f8000 r-xp 00000000 fe:01 28590088                           /usr/bin/xlock
006f7000-006f8000 r--p 000f7000 fe:01 28590088                           /usr/bin/xlock
006f8000-00742000 rw-p 000f8000 fe:01 28590088                           /usr/bin/xlock
00742000-007a5000 rw-p 00742000 00:00 0
00f21000-00f63000 rw-p 00f21000 00:00 0                                  [heap]
7fb86c000000-7fb86c021000 rw-p 7fb86c000000 00:00 0
7fb86c021000-7fb870000000 ---p 7fb86c021000 00:00 0
7fb873e4b000-7fb873e4d000 r-xp 00000000 fe:01 22406840                   /usr/lib64/gconv/ISO8859-15.so
7fb873e4d000-7fb87404c000 ---p 00002000 fe:01 22406840                   /usr/lib64/gconv/ISO8859-15.so
7fb87404c000-7fb87404d000 r--p 00001000 fe:01 22406840                   /usr/lib64/gconv/ISO8859-15.so
7fb87404d000-7fb87404e000 rw-p 00002000 fe:01 22406840                   /usr/lib64/gconv/ISO8859-15.so
7fb87404e000-7fb87404f000 r-xp 00000000 fe:01 28500601                   /lib64/security/pam_deny.so
7fb87404f000-7fb87424e000 ---p 00001000 fe:01 28500601                   /lib64/security/pam_deny.so
7fb87424e000-7fb87424f000 r--p 00000000 fe:01 28500601                   /lib64/security/pam_deny.so
7fb87424f000-7fb874250000 rw-p 00001000 fe:01 28500601                   /lib64/security/pam_deny.so
7fb874250000-7fb87425a000 r-xp 00000000 fe:01 28500701                   /lib64/security/pam_unix.so
7fb87425a000-7fb87445a000 ---p 0000a000 fe:01 28500701                   /lib64/security/pam_unix.so
7fb87445a000-7fb87445b000 r--p 0000a000 fe:01 28500701                   /lib64/security/pam_unix.so
7fb87445b000-7fb87445c000 rw-p 0000b000 fe:01 28500701                   /lib64/security/pam_unix.so
7fb87445c000-7fb874468000 rw-p 7fb87445c000 00:00 0
7fb874468000-7fb87446b000 r-xp 00000000 fe:01 28500811                   /lib64/security/pam_env.so
7fb87446b000-7fb87466a000 ---p 00003000 fe:01 28500811                   /lib64/security/pam_env.so
7fb87466a000-7fb87466b000 r--p 00002000 fe:01 28500811                   /lib64/security/pam_env.so
7fb87466b000-7fb87466c000 rw-p 00003000 fe:01 28500811                   /lib64/security/pam_env.so
7fb87466c000-7fb874671000 r-xp 00000000 fe:01 22823872                   /usr/lib64/libXfixes.so.3.1.0
7fb874671000-7fb874870000 ---p 00005000 fe:01 22823872                   /usr/lib64/libXfixes.so.3.1.0
7fb874870000-7fb874871000 r--p 00004000 fe:01 22823872                   /usr/lib64/libXfixes.so.3.1.0
7fb874871000-7fb874872000 rw-p 00005000 fe:01 22823872                   /usr/lib64/libXfixes.so.3.1.0
7fb874872000-7fb87487b000 r-xp 00000000 fe:01 28819812                   /usr/lib64/libXrender.so.1.3.0
7fb87487b000-7fb874a7a000 ---p 00009000 fe:01 28819812                   /usr/lib64/libXrender.so.1.3.0
7fb874a7a000-7fb874a7b000 r--p 00008000 fe:01 28819812                   /usr/lib64/libXrender.so.1.3.0
7fb874a7b000-7fb874a7c000 rw-p 00009000 fe:01 28819812                   /usr/lib64/libXrender.so.1.3.0
7fb874a7c000-7fb874a85000 r-xp 00000000 fe:01 22832178                   /usr/lib64/libXcursor.so.1.0.2
7fb874a85000-7fb874c85000 ---p 00009000 fe:01 22832178                   /usr/lib64/libXcursor.so.1.0.2
7fb874c85000-7fb874c86000 r--p 00009000 fe:01 22832178                   /usr/lib64/libXcursor.so.1.0.2
7fb874c86000-7fb874c87000 rw-p 0000a000 fe:01 22832178                   /usr/lib64/libXcursor.so.1.0.2
7fb874c87000-7fb874c91000 r-xp 00000000 fe:01 22446164                   /lib64/libnss_files-2.8.so
7fb874c91000-7fb874e90000 ---p 0000a000 fe:01 22446164                   /lib64/libnss_files-2.8.so
7fb874e90000-7fb874e91000 r--p 00009000 fe:01 22446164                   /lib64/libnss_files-2.8.so
7fb874e91000-7fb874e92000 rw-p 0000a000 fe:01 22446164                   /lib64/libnss_files-2.8.so
7fb874e92000-7fb874e9b000 r-xp 00000000 fe:01 22446383                   /lib64/libnss_nis-2.8.so
7fb874e9b000-7fb87509b000 ---p 00009000 fe:01 22446383                   /lib64/libnss_nis-2.8.so
7fb87509b000-7fb87509c000 r--p 00009000 fe:01 22446383                   /lib64/libnss_nis-2.8.so
7fb87509c000-7fb87509d000 rw-p 0000a000 fe:01 22446383                   /lib64/libnss_nis-2.8.so
7fb87509d000-7fb8750b1000 r-xp 00000000 fe:01 22446382                   /lib64/libnsl-2.8.so
7fb8750b1000-7fb8752b0000 ---p 00014000 fe:01 22446382                   /lib64/libnsl-2.8.so
7fb8752b0000-7fb8752b1000 r--p 00013000 fe:01 22446382                   /lib64/libnsl-2.8.so
7fb8752b1000-7fb8752b2000 rw-p 00014000 fe:01 22446382                   /lib64/libnsl-2.8.so
7fb8752b2000-7fb8752b4000 rw-p 7fb8752b2000 00:00 0
7fb8752b4000-7fb8752bb000 r-xp 00000000 fe:01 22446281                   /lib64/libnss_compat-2.8.so
7fb8752bb000-7fb8754ba000 ---p 00007000 fe:01 22446281                   /lib64/libnss_compat-2.8.so
7fb8754ba000-7fb8754bb000 r--p 00006000 fe:01 22446281                   /lib64/libnss_compat-2.8.so
7fb8754bb000-7fb8754bc000 rw-p 00007000 fe:01 22446281                   /lib64/libnss_compat-2.8.so
7fb8754bc000-7fb87a05c000 r--p 00000000 fe:01 22406051                   /usr/lib64/locale/locale-archive
7fb87a05c000-7fb87a061000 r-xp 00000000 fe:01 22823262                   /usr/lib64/libXdmcp.so.6.0.0
7fb87a061000-7fb87a260000 ---p 00005000 fe:01 22823262                   /usr/lib64/libXdmcp.so.6.0.0
7fb87a260000-7fb87a261000 r--p 00004000 fe:01 22823262                   /usr/lib64/libXdmcp.so.6.0.0
7fb87a261000-7fb87a262000 rw-p 00005000 fe:01 22823262                   /usr/lib64/libXdmcp.so.6.0.0
7fb87a262000-7fb87a264000 r-xp 00000000 fe:01 28772531                   /usr/lib64/libXau.so.6.0.0
7fb87a264000-7fb87a463000 ---p 00002000 fe:01 28772531                   /usr/lib64/libXau.so.6.0.0
7fb87a463000-7fb87a464000 r--p 00001000 fe:01 28772531                   /usr/lib64/libXau.so.6.0.0
7fb87a464000-7fb87a465000 rw-p 00002000 fe:01 28772531                   /usr/lib64/libXau.so.6.0.0
7fb87a465000-7fb87a479000 r-xp 00000000 fe:01 22446193                   /lib64/libz.so.1.2.3
7fb87a479000-7fb87a678000 ---p 00014000 fe:01 22446193                   /lib64/libz.so.1.2.3
7fb87a678000-7fb87a679000 r--p 00013000 fe:01 22446193                   /lib64/libz.so.1.2.3
7fb87a679000-7fb87a67a000 rw-p 00014000 fe:01 22446193                   /lib64/libz.so.1.2.3
7fb87a67a000-7fb87a67d000 r-xp 00000000 fe:01 22446364                   /lib64/libuuid.so.1.2
7fb87a67d000-7fb87a87d000 ---p 00003000 fe:01 22446364                   /lib64/libuuid.so.1.2
7fb87a87d000-7fb87a87e000 r--p 00003000 fe:01 22446364                   /lib64/libuuid.so.1.2
7fb87a87e000-7fb87a87f000 rw-p 00004000 fe:01 22446364                   /lib64/libuuid.so.1.2
7fb87a87f000-7fb87a9be000 r-xp 00000000 fe:01 22446184                   /lib64/libc-2.8.so
7fb87a9be000-7fb87abbd000 ---p 0013f000 fe:01 22446184                   /lib64/libc-2.8.so
7fb87abbd000-7fb87abc1000 r--p 0013e000 fe:01 22446184                   /lib64/libc-2.8.so
7fb87abc1000-7fb87abc2000 rw-p 00142000 fe:01 22446184                   /lib64/libc-2.8.so
7fb87abc2000-7fb87abc7000 rw-p 7fb87abc2000 00:00 0
7fb87abc7000-7fb87abdd000 r-xp 00000000 fe:01 28426247                   /lib64/libgcc_s.so.1
7fb87abdd000-7fb87addc000 ---p 00016000 fe:01 28426247                   /lib64/libgcc_s.so.1
7fb87addc000-7fb87addd000 r--p 00015000 fe:01 28426247                   /lib64/libgcc_s.so.1
7fb87addd000-7fb87adde000 rw-p 00016000 fe:01 28426247                   /lib64/libgcc_s.so.1
7fb87adde000-7fb87ae5e000 r-xp 00000000 fe:01 22446361                   /lib64/libm-2.8.so
7fb87ae5e000-7fb87b05d000 ---p 00080000 fe:01 22446361                   /lib64/libm-2.8.so
7fb87b05d000-7fb87b05e000 r--p 0007f000 fe:01 22446361                   /lib64/libm-2.8.so
7fb87b05e000-7fb87b05f000 rw-p 00080000 fe:01 22446361                   /lib64/libm-2.8.so
7fb87b05f000-7fb87b14f000 r-xp 00000000 fe:01 28682459                   /usr/lib64/gcc/x86_64-pc-linux-gnu/4.3.2/libstdc++.so.6.0.10
7fb87b14f000-7fb87b34f000 ---p 000f0000 fe:01 28682459                   /usr/lib64/gcc/x86_64-pc-linux-gnu/4.3.2/libstdc++.so.6.0.10
7fb87b34f000-7fb87b356000 r--p 000f0000 fe:01 28682459                   /usr/lib64/gcc/x86_64-pc-linux-gnu/4.3.2/libstdc++.so.6.0.10
7fb87b356000-7fb87b358000 rw-p 000f7000 fe:01 28682459                   /usr/lib64/gcc/x86_64-pc-linux-gnu/4.3.2/libstdc++.so.6.0.10
7fb87b358000-7fb87b36b000 rw-p 7fb87b358000 00:00 0
7fb87b36b000-7fb87b37b000 r-xp 00000000 fe:01 28803439                   /usr/lib64/libXext.so.6.4.0
7fb87b37b000-7fb87b57b000 ---p 00010000 fe:01 28803439                   /usr/lib64/libXext.so.6.4.0
7fb87b57b000-7fb87b57c000 r--p 00010000 fe:01 28803439                   /usr/lib64/libXext.so.6.4.0
7fb87b57c000-7fb87b57d000 rw-p 00011000 fe:01 28803439                   /usr/lib64/libXext.so.6.4.0
7fb87b57d000-7fb87b681000 r-xp 00000000 fe:01 28895413                   /usr/lib64/libX11.so.6.2.0
7fb87b681000-7fb87b880000 ---p 00104000 fe:01 28895413                   /usr/lib64/libX11.so.6.2.0
7fb87b880000-7fb87b882000 r--p 00103000 fe:01 28895413                   /usr/lib64/libX11.so.6.2.0
7fb87b882000-7fb87b887000 rw-p 00105000 fe:01 28895413                   /usr/lib64/libX11.so.6.2.0
7fb87b887000-7fb87b889000 r-xp 00000000 fe:01 22446167                   /lib64/libdl-2.8.so
7fb87b889000-7fb87ba89000 ---p 00002000 fe:01 22446167                   /lib64/libdl-2.8.so
7fb87ba89000-7fb87ba8a000 r--p 00002000 fe:01 22446167                   /lib64/libdl-2.8.so
7fb87ba8a000-7fb87ba8b000 rw-p 00003000 fe:01 22446167                   /lib64/libdl-2.8.so
7fb87ba8b000-7fb87ba95000 r-xp 00000000 fe:01 28500822                   /lib64/libpam.so.0.81.13
7fb87ba95000-7fb87bc95000 ---p 0000a000 fe:01 28500822                   /lib64/libpam.so.0.81.13
7fb87bc95000-7fb87bc96000 r--p 0000a000 fe:01 28500822                   /lib64/libpam.so.0.81.13
7fb87bc96000-7fb87bc97000 rw-p 0000b000 fe:01 28500822                   /lib64/libpam.so.0.81.13
7fb87bc97000-7fb87bc9f000 r-xp 00000000 fe:01 22446391                   /lib64/libcrypt-2.8.so
7fb87bc9f000-7fb87be9e000 ---p 00008000 fe:01 22446391                   /lib64/libcrypt-2.8.so
7fb87be9e000-7fb87be9f000 r--p 00007000 fe:01 22446391                   /lib64/libcrypt-2.8.so
7fb87be9f000-7fb87bea0000 rw-p 00008000 fe:01 22446391                   /lib64/libcrypt-2.8.so
7fb87bea0000-7fb87bece000 rw-p 7fb87bea0000 00:00 0
7fb87bece000-7fb87bf5b000 r-xp 00000000 fe:01 1319009                    /usr/lib64/libfreetype.so.6.3.20
7fb87bf5b000-7fb87c15a000 ---p 0008d000 fe:01 1319009                    /usr/lib64/libfreetype.so.6.3.20
7fb87c15a000-7fb87c15f000 r--p 0008c000 fe:01 1319009                    /usr/lib64/libfreetype.so.6.3.20
7fb87c15f000-7fb87c160000 rw-p 00091000 fe:01 1319009                    /usr/lib64/libfreetype.so.6.3.20
7fb87c160000-7fb87c170000 r-xp 00000000 fe:01 22832972                   /usr/lib64/libXpm.so.4.11.0
7fb87c170000-7fb87c36f000 ---p 00010000 fe:01 22832972                   /usr/lib64/libXpm.so.4.11.0
7fb87c36f000-7fb87c370000 r--p 0000f000 fe:01 22832972                   /usr/lib64/libXpm.so.4.11.0
7fb87c370000-7fb87c371000 rw-p 00010000 fe:01 22832972                   /usr/lib64/libXpm.so.4.11.0
7fb87c371000-7fb87c388000 r-xp 00000000 fe:01 22823314                   /usr/lib64/libICE.so.6.3.0
7fb87c388000-7fb87c587000 ---p 00017000 fe:01 22823314                   /usr/lib64/libICE.so.6.3.0
7fb87c587000-7fb87c588000 r--p 00016000 fe:01 22823314                   /usr/lib64/libICE.so.6.3.0
7fb87c588000-7fb87c589000 rw-p 00017000 fe:01 22823314                   /usr/lib64/libICE.so.6.3.0
7fb87c589000-7fb87c58d000 rw-p 7fb87c589000 00:00 0
7fb87c58d000-7fb87c594000 r-xp 00000000 fe:01 28795449                   /usr/lib64/libSM.so.6.0.0
7fb87c594000-7fb87c794000 ---p 00007000 fe:01 28795449                   /usr/lib64/libSM.so.6.0.0
7fb87c794000-7fb87c795000 r--p 00007000 fe:01 28795449                   /usr/lib64/libSM.so.6.0.0
7fb87c795000-7fb87c796000 rw-p 00008000 fe:01 28795449                   /usr/lib64/libSM.so.6.0.0
7fb87c796000-7fb87c7b1000 r-xp 00000000 fe:01 22446296                   /lib64/ld-2.8.so
7fb87c98c000-7fb87c994000 rw-p 7fb87c98c000 00:00 0
7fb87c9a4000-7fb87c9ab000 r--s 00000000 fe:01 22406820                   /usr/lib64/gconv/gconv-modules.cache
7fb87c9ab000-7fb87c9ae000 r--p 00000000 fe:01 28500893                   /usr/share/locale/de/LC_MESSAGES/Linux-PAM.mo
7fb87c9ae000-7fb87c9b0000 rw-p 7fb87c9ae000 00:00 0
7fb87c9b0000-7fb87c9b1000 r--p 0001a000 fe:01 22446296                   /lib64/ld-2.8.so
7fb87c9b1000-7fb87c9b2000 rw-p 0001b000 fe:01 22446296                   /lib64/ld-2.8.so
7fff8499c000-7fff849b1000 rw-p 7ffffffea000 00:00 0                      [stack]
7fff849fe000-7fff849ff000 r-xp 7fff849fe000 00:00 0                      [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  [vsyscall]
Abgebrochen

Seems to be fixed in 5.28, but you have to enter the password twice...

Comment 5 Samuli Suominen (RETIRED) gentoo-dev

2009-06-01 08:36:43 UTC

Hey guys, if xlockmore-5.28 doesn't have this problem it's more than OK to go into stable.

Please modify this bug as test & stable request for the version.

Comment 6 Samuli Suominen (RETIRED) gentoo-dev

2009-06-01 09:00:09 UTC

BTW, the USE="gtk" in xlockmore has always been unstable. It's for a configuration tool it installs, but the configuration can be done also by hand. It's not a regression.

Comment 7 Tobias Heinlein (RETIRED) gentoo-dev

2009-06-01 09:31:14 UTC

Arch Security Liaisons, please test and mark stable:
=x11-misc/xlockmore-5.28
Target keywords : "amd64 hppa ppc ppc64 sparc x86"

CC'ing current Liaisons:
   amd64 : keytoaster, tester
    hppa : jer
     ppc : dertobi123
   ppc64 : corsair
   sparc : fmccor
     x86 : maekke, armin76

Comment 8 Markus Meier gentoo-dev

2009-06-01 11:55:26 UTC

x86 stable. (btw also looks good on amd64)

Comment 9 Jeroen Roovers (RETIRED) gentoo-dev

2009-06-02 06:16:40 UTC

(In reply to comment #8)
> x86 stable. (btw also looks good on amd64)

--- ChangeLog   2009-06-02 07:53:28.000000000 +0200
+++ ChangeLog.new       2009-06-02 08:16:01.000000000 +0200
@@ -2,6 +2,9 @@
 # Copyright 1999-2009 Gentoo Foundation; Distributed under the GPL v2
 # $Header: /var/cvsroot/gentoo-x86/x11-misc/xlockmore/ChangeLog,v 1.71 2009/06/01 11:53:02 maekke Exp $

+  02 Jun 2009; Jeroen Roovers <jer@gentoo.org> xlockmore-5.28.ebuild:
+  Stable for HPPA (bug #255229).
+
   01 Jun 2009; Markus Meier <maekke@gentoo.org> xlockmore-5.28.ebuild:
   x86 stable


It's OK to put the bug number in the ChangeLog.


Stable for HPPA.

Comment 10 Robert Buchholz (RETIRED) gentoo-dev

2009-06-27 10:36:30 UTC

ping, liaisons, please stable.

Comment 11 Ferris McCormick (RETIRED) gentoo-dev

2009-06-29 12:29:15 UTC

Sparc stable.

Comment 12 Tobias Scherbaum (RETIRED) gentoo-dev

2009-07-08 15:32:42 UTC

Adding rangerpb and nixnut for ppc.

Comment 13 Samuli Suominen (RETIRED) gentoo-dev

2009-07-11 21:56:52 UTC

It was USE="unicode" that's segfaulting it; I've just punted the flag entirely and added a warning at postinst that multibyte or unicode char's ain't supported.

Please stable, a user just opened a bug to get this stable since this is a private bug, there is no way he could have known it's here. :/

Comment 14 Samuli Suominen (RETIRED) gentoo-dev

2009-07-11 21:57:57 UTC

Adding gentoofan23 from amd64 as a temporary liason.

Comment 15 Tobias Heinlein (RETIRED) gentoo-dev

2009-07-12 00:10:39 UTC

amd64 stable. works as expected, cannot reproduce the vulnerable behaviour though.

Comment 16 Joe Jezak (RETIRED) gentoo-dev

2009-07-23 16:55:52 UTC

Works on ppc/ppc64, marked stable.

Comment 17 Samuli Suominen (RETIRED) gentoo-dev

2010-02-09 14:53:37 UTC

Removing myself from CC. It's stable everywhere, and nothing left to do here. It was a configure option issue more or less, multibyte chars crashes xlockmore. 
That said, there's a version bump available, will check if this still happens.

Comment 18 Stefan Behte (RETIRED) gentoo-dev

2011-10-08 22:58:11 UTC

New GLSA request filed.

Comment 19 Robin Johnson archtester

2012-11-07 22:42:02 UTC

The issue in the initial report isn't entirely fixed.

This is in the configure output:
not defining option USE_PAM (mutually exclusive with xlockrc)
USE=pam and USE=xlockrc should be mutually exclusive.

xlockrc seems to take precedence otherwise.

Comment 20 Sergey Popov (RETIRED) gentoo-dev

2013-09-02 08:33:17 UTC

+  02 Sep 2013; Sergey Popov <pinkbyte@gentoo.org> xlockmore-5.43.ebuild:
+  Make PAM and xlockrc support mutually exclusive as defined in configure file,
+  wrt bug #255229

Comment 21 GLSAMaker/CVETool Bot gentoo-dev

2013-09-02 09:33:03 UTC

This issue was resolved and addressed in
 GLSA 201309-03 at http://security.gentoo.org/glsa/glsa-201309-03.xml
by GLSA coordinator Sergey Popov (pinkbyte).