Summary: | <sys-auth/pam_mount-1.25 makes <app-admin/sudo-1.7.2 segfault | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Randall Wald <rdwald> |
Component: | Current packages | Assignee: | Diego Elio Pettenò (RETIRED) <flameeyes> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | eva, hrubi, mephinet, nicodietrich, pam-bugs+disabled, simon.gerber |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.gratisoft.us/bugzilla/show_bug.cgi?id=358 | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Attachments: | output of emerge --info |
Description
Randall Wald
2009-06-11 21:35:04 UTC
Any chance you can provide a backtrace? http://www.gentoo.org/proj/en/qa/backtraces.xml I just ran into the same problem while upgrading to sudo-1.7.1-r1. In my case this is caused by a pam_mount entry in /etc/pam.d/system-auth - so that might be a pam_mount bug instead. Should I write a separate bug report? Disabling the last line (session optional pam_mount.so) makes the segfault disappear: auth required pam_env.so auth optional pam_mount.so auth sufficient pam_unix.so likeauth nullok use_first_pass auth required pam_deny.so use_first_pass account required pam_unix.so password required pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 password sufficient pam_unix.so nullok md5 shadow use_authtok password required pam_deny.so session required pam_limits.so session required pam_unix.so session optional pam_mount.so # this is the culprit My pam_mount configuration is according to http://www.gentoo-wiki.info/HOWTO_Encrypt_Your_Home_Directory_Using_LUKS_and_pam_mount Thanks for fixing! Yea, I had the same "session optional pam_mount.so" line, and commenting it out stopped the segfaults. Is removing this line going to affect my ability to mount my home partition automatically when logging in? Yep, pam_mount is not going to work without that line. I'm using su for now. A workaround would be to copy the contents of /etc/pam.d/system-auth to /etc/pam.d/sudo without the pam_mount session line. The default pam configuration for sudo just includes system-auth. Like that pam_mount is still performed on login while being avoided when sudoing where it's not needed anyway. For the record: This is eventually related to a sudo-bug which also appears with libpam-fprint libpam-lastlog, but has been resolved a year ago: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462445#53 Can you provide a backtrace please? With that I can decide whether to push it to which upstream or fix it. Same here, after upgrading from 1.7.0 to 1.7.1-r1, any sudo segfaults. I can provide a stacktrace: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fbb090f36f0 (LWP 2509)] 0x0000003063c83780 in strlen () from /lib/libc.so.6 (gdb) bt #0 0x0000003063c83780 in strlen () from /lib/libc.so.6 #1 0x00000000004127cc in setenv () #2 0x00007fbb0808320f in pam_sm_open_session (pamh=0xb24930, flags=0, argc=0, argv=0x0) at pam_mount.c:465 #3 0x0000003067802ce2 in ?? () from /lib/libpam.so.0 #4 0x000000000040c998 in ?? () #5 0x0000000000416d4a in ?? () #6 0x0000000000418f19 in ?? () #7 0x0000003063c1e486 in __libc_start_main () from /lib/libc.so.6 #8 0x00000000004040b9 in ?? () #9 0x00007fff11118098 in ?? () #10 0x000000000000001c in ?? () #11 0x0000000000000002 in ?? () #12 0x00007fff11119275 in ?? () #13 0x00007fff11119283 in ?? () #14 0x0000000000000000 in ?? () I'm on a amd64 notebook. Created attachment 194430 [details]
output of emerge --info
I created a backtrace, but guess that it's of no much use: (gdb) run Starting program: /usr/bin/sudo -s Program received signal SIGSEGV, Segmentation fault. 0x00007f2f6d75ecb0 in strlen () from /lib/libc.so.6 Question, as I'm new into backtraces: I guess I'd need to build glibc with debugging symbols but I don't know whether I'm getting in trouble when rebuilding glibc without @world. May I? I usually have CFLAGS="-march=k8 -O2 -pipe -fomit-frame-pointer" and changed to CFLAGS="-march=k8 -O2 -pipe -ggdb" to get the backtrace. But: Interestingly, I can not reproduce the segfault when building sudo with -O1. Is this a gcc bug then? --- mense etc # emerge --info Portage 2.2_rc33 (default/linux/amd64/2008.0, gcc-4.3.2, glibc-2.7-r2, 2.6.30-gentoo-r1 x86_64) ================================================================= System uname: Linux-2.6.30-gentoo-r1-x86_64-AMD_Athlon-tm-_64_Processor_3000+-with-glibc2.2.5 Timestamp of tree: Sun, 14 Jun 2009 11:15:02 +0000 distcc 3.1 x86_64-pc-linux-gnu [disabled] ccache version 2.4 [enabled] app-shells/bash: 3.2_p39 dev-java/java-config: 2.1.7 dev-lang/python: 2.5.4-r2 dev-python/pycrypto: 2.0.1-r8 dev-util/ccache: 2.4-r7 dev-util/cmake: 2.6.4 sys-apps/baselayout: 2.0.1 sys-apps/openrc: 0.4.3-r3 sys-apps/sandbox: 2.0 sys-devel/autoconf: 2.13, 2.63 sys-devel/automake: 1.5, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10.2 sys-devel/binutils: 2.18-r3 sys-devel/gcc-config: 1.4.1 sys-devel/libtool: 2.2.6a virtual/os-headers: 2.6.27-r2 ACCEPT_KEYWORDS="amd64" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=k8 -O2 -pipe -ggdb" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/kde/4.2/env /usr/kde/4.2/share/config /usr/kde/4.2/shutdown /usr/share/config" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/eselect/postgresql /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo /etc/texmf/language.dat.d /etc/texmf/language.def.d /etc/texmf/updmap.d /etc/texmf/web2c /etc/udev/rules.d" CXXFLAGS="-march=k8 -O2 -pipe -ggdb" DISTDIR="/usr/portage/distfiles" FEATURES="ccache collision-protect distlocks fixpackages metadata-transfer parallel-fetch preserve-libs protect-owned sandbox sfperms splitdebug strict unmerge-orphans userfetch" GENTOO_MIRRORS="http://trumpetti.atm.tut.fi/gentoo/ http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://ftp.spline.inf.fu-berlin.de/mirrors/gentoo/ " LANG="en_US.utf8" LDFLAGS="-Wl,-O1" LINGUAS="en de fr es eo" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage/layman/kde-testing /usr/local/portage/layman/haskell /usr/local/portage/layman/sunrise /usr/local/portage/layman/kolab /usr/portage/local /usr/local/portage" SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage" USE="3dnow 3dnowext 7zip X aac aalib ace acl acpi akonadi alsa amd64 bash-completion berkdb bittorrent bzip2 cairo cli cracklib crypt css cups daap dbus dirac directfb docbook dot dri dvd dvdr dvdread dvi enblend encode epiphany espeak exif f-prot fam fbcon fbsplash ffmpeg file flac fortran gdbm geoip gif gimp git gmail gnutls gpg gpgme gphoto2 gpm graphviz grub gzip hal hbci iceweasel iconv id3 id3tag ieee1394 imagemagick inotify iproute2 ipv6 ipython jabber jack java6 jingle jpeg jpeg2k kate kde kde4 kdepim kdeprefix kipi kolab laptop latex libgcrypt lua lvm lzma markdown md5sum mediaplayer midi mikmod mmx mmxext mng mp3 mp3tunes mp4 mpeg mpeg2 mudflap multilib musepack musicbrainz ncurses nepomuk nls nptl nptlonly ocaml ocamlduce ocamlopt ogg openexr opengl openid openmp openstreetmap pam pcre pdf perl phonon plasma pmount png postgres pppd python python-bindings qt-webkit qt4 rar readline reflection schroedinger search semantic-desktop session sndfile solver speex spl sse sse2 ssh ssl subversion svg symlink sysfs tcpd theora tiff timidity transcode unicode usb v4l2 vim vim-syntax visualization vorbis vorbis-psy wavpack webkit wifi wma x264 xine xinerama xorg xrandr xulrunner xvid xvmc zlib zsh-completion" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en de fr es eo" USERLAND="GNU" VIDEO_CARDS="nvidia nv" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS reproducible, when building with -O1, no segfault occurs. Would be better if any of you had a backtrace with sudo also built with debugging symbols enabled, but I think I tracked down the issues, it's a similar one to #266361. I've committed a fix to pam_mount-1.25-r1. Tested sys-auth/pam_mount-1.25-r1 in combination with app-admin/sudo-1.7.1-r1, works fine. Thank you! fix confirmed. thanks! *** Bug 275317 has been marked as a duplicate of this bug. *** |