| Summary: | pam_console_apply segfaults with minimal /etc/group | ||
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Owen Gunden <ogunden> |
| Component: | [OLD] Core system | Assignee: | PAM Gentoo Team (OBSOLETE) <pam-bugs+disabled> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | CC: | base-system, greg_g, sascha-gentoo-bugzilla |
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
| Attachments: |
patch disabling pam_console_apply in bootmisc for udev systems
patch disabling pam_console_apply in halt.sh for udev systems |
||
Created attachment 30898 [details, diff]
patch disabling pam_console_apply in bootmisc for udev systems
Created attachment 30899 [details, diff]
patch disabling pam_console_apply in halt.sh for udev systems
i got the same error, but for cdwriter and not usb. for bootmisc and hast.sh scripts please fix in next releases. thanx segfault after "getgrnam failed... "? well, I just found this in the pam tarball:
pam-0.77-patches/gentoo-patches/pam-0.77-console-reset.patch
Probaly one of the most stupid patches ever.
--- Linux-PAM-0.77/modules/pam_console/config.y.console-reset 2003-07-10 22:50:26.000000000 +0200
+++ Linux-PAM-0.77/modules/pam_console/config.y 2003-07-10 22:54:22.000000000 +0200
@@ -415,13 +415,13 @@
if (pwd == NULL) {
_pam_log(LOG_ERR, FALSE, "getpwnam failed for %s",
c->revert_owner ? c->revert_owner : "root");
- return -1;
+ pwd->pw_uid = 0;
}
grp = _pammodutil_getgrnam(pamh, c->revert_group ? c->revert_group : "root");
if (grp == NULL) {
_pam_log(LOG_ERR, FALSE, "getgrnam failed for %s",
c->revert_group ? c->revert_group : "root");
- return -1;
+ grp->gr_gid = 0;
}
if (c->device_class->list)
chmod_files(c->revert_mode ? c->revert_mode : "0600",
azarah/agriffis: could the bootmisc change make it into the baselayout, and what's your opinion on removing the PAM console-reset patch? Call me crazy, but I think this bug has something in common with bug #42139; at least for the halt.sh issue. added additional checks for udev to cvs, thanks *** Bug 43315 has been marked as a duplicate of this bug. *** *** Bug 68794 has been marked as a duplicate of this bug. *** This is wrong. If you get that, it means pam_console_apply could not get the group info from /etc/group for the 'usb' group. It works flawlessly here (and I would like to keep it doing so on my few systems): ----- nosferatu linux-2.6-bk # ls -l /dev/.udev -rw-r--r-- 1 root root 0 Oct 24 05:12 /dev/.udev nosferatu linux-2.6-bk # ls -l /dev/usb/ total 0 crw-r--r-- 1 root root 180, 0 Oct 26 22:26 lp0 crw-r--r-- 1 root root 180, 1 Oct 26 22:26 lp1 crw------- 1 root root 180, 64 Oct 26 22:30 rio500 nosferatu linux-2.6-bk # /sbin/pam_console_apply nosferatu linux-2.6-bk # ls -l /dev/usb/ total 0 crw-r--r-- 1 root root 180, 0 Oct 26 22:26 lp0 crw-r--r-- 1 root root 180, 1 Oct 26 22:26 lp1 crw------- 1 azarah root 180, 64 Oct 26 22:30 rio500 nosferatu linux-2.6-bk # /sbin/pam_console_apply -r nosferatu linux-2.6-bk # ls -l /dev/usb/ total 0 crw-r--r-- 1 root root 180, 0 Oct 26 22:26 lp0 crw-r--r-- 1 root root 180, 1 Oct 26 22:26 lp1 crw------- 1 root root 180, 64 Oct 26 22:30 rio500 nosferatu linux-2.6-bk # ----- So basically we have two options: 1) Find out what (im guessing missing usb entry in /etc/group) is broken on affected systems, or 2) Fix pam_console_apply to not segfault if getgrnam fails. Would anybody that are affected by this issue be willing to try and track it down ? > This is wrong. If you get that, it means pam_console_apply could not get
> the group info from /etc/group for the 'usb' group.
Yes, I think you're right--I'm the original reporter and I now believe that
pam_console_apply should be called even with udev (I've experienced situations
where I don't own audio devices correctly after logging out and in again).
On my system there's no usb group. Believe it or not, this could be because
I'm an idiot and removed it manually a while back. I should try to add it.
[tinker tinker tinker..]
Fixed; pam_console_apply -r no longer segfaults.
Wow, what an idiot I am..
No problem. I will have a look into why pam_console_apply segfaults, and we can revert the changes to bootmisc and halt.sh again. Well... it's because the abovementioned patch does "grp->gr_gid = 0;" when grp is NULL. Sorry if I wasn't clear in my previous post. Ah, right. My mistake though, I did not read all of the bug :P hmm, the thing vapier gave me didnt work, however, when i then removed it again, it worked, i dont know what did it This should be a better patch (fixed for pam-0.77 and pam-0.77-r2):
-----
--- Linux-PAM-0.77/modules/pam_console/pam_console_apply.c.console-reset 2003-07-08 05:16:28.000000000 +0200
+++ Linux-PAM-0.77/modules/pam_console/pam_console_apply.c 2003-07-10 22:50:26.000000000 +0200
@@ -41,8 +41,9 @@
va_list args;
if (debug_p && !debug) return;
va_start(args, format);
- fprintf(stderr, format, args);
+ vfprintf(stderr, format, args);
va_end(args);
+ fprintf(stderr, "\n");
}
int
--- Linux-PAM-0.77/modules/pam_console/config.y.az 2004-10-31 14:39:41.519539120 +0200
+++ Linux-PAM-0.77/modules/pam_console/config.y 2004-10-31 14:42:44.110781032 +0200
@@ -425,6 +425,8 @@
reset_permissions(pam_handle_t *pamh, const char *consolename, int nonroot_ok) {
struct passwd *pwd;
struct group *grp;
+ uid_t pw_uid;
+ gid_t gr_gid;
config *c;
GSList *cl;
@@ -439,20 +441,24 @@
if (pwd == NULL) {
_pam_log(LOG_ERR, FALSE, "getpwnam failed for %s",
c->revert_owner ? c->revert_owner : "root");
- return -1;
+ pw_uid = 0;
+ } else {
+ pw_uid = pwd->pw_uid;
}
grp = _pammodutil_getgrnam(pamh, c->revert_group ? c->revert_group : "root");
if (grp == NULL) {
_pam_log(LOG_ERR, FALSE, "getgrnam failed for %s",
c->revert_group ? c->revert_group : "root");
- return -1;
- }
+ gr_gid = 0;
+ } else {
+ gr_gid = pwd->pw_uid;
+ }
if (c->device_class->list)
chmod_files(c->revert_mode ? c->revert_mode : "0600",
- pwd->pw_uid, grp->gr_gid, NULL, c->device_class->list);
+ pw_uid, gr_gid, NULL, c->device_class->list);
else
chmod_files(c->revert_mode ? c->revert_mode : "0600",
- pwd->pw_uid, grp->gr_gid, c->device_class->name, NULL);
+ pw_uid, gr_gid, c->device_class->name, NULL);
}
}
return 0;
|
On a pure udev system, running pam_console_apply on bootup segfaults after erroring with "getgrnam failed for usb". It's not currently run for devfs systems. I can tell this because in /etc/bootmisc there is the following: [ -x /sbin/pam_console_apply -a ! -c /dev/.devfsd ] && \ /sbin/pam_console_apply -r and in /etc/halt.sh there is similar. Changing this to [ -x /sbin/pam_console_apply -a ! -c /dev/.devfsd -a ! -f /dev/.udev ] \ && /sbin/pam_console_apply -r makes it not apply to udev systems either. I'll attach patches for bootmisc and halt.sh, but it's just that tiny change. I've been patching baselayout for several versions now manually--it would be nice if this would get incorporated. Reproducible: Always Steps to Reproduce: 1. on a udev system, run pam_console_apply -r Actual Results: getgrnam failed for usb segmentation fault pam_console_apply -r Expected Results: pam_console_apply should not be run (at least, i think this is a safe solution, since it's not run for devfs which is practically all gentoo machines) Portage 2.0.50-r6 (default-x86-1.4, gcc-3.3.3, glibc-2.3.3_pre20040420-r0, 2.6.5-gentoo) ================================================================= System uname: 2.6.5-gentoo i686 AMD Athlon(tm) XP 1800+ Gentoo Base System version 1.4.10 distcc 2.13 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled] Autoconf: sys-devel/autoconf-2.59-r3 Automake: sys-devel/automake-1.8.3 ACCEPT_KEYWORDS="x86 ~x86" AUTOCLEAN="yes" CFLAGS="-march=athlon-xp -O2 -pipe" CHOST="i686-pc-linux-gnu" COMPILER="gcc3" CONFIG_PROTECT="/etc /usr/X11R6/lib/X11/xkb /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control" CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d" CXXFLAGS="-march=athlon-xp -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="autoaddcvs ccache sandbox" GENTOO_MIRRORS="http://mirror.datapipe.net/gentoo ftp://ftp.ussg.iu.edu/pub/linux/gentoo ftp://csociety-ftp.ecn.purdue.edu/pub/gentoo/ http://gentoo.mirrors.pair.com/ http://adelie.polymtl.ca/" MAKEOPTS="-j2" PKGDIR="/usr/portage/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/usr/local/portage" SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage" USE="3dnow X aalib alsa apache2 avi berkdb bonobo cdr crypt cups dga directfb dvd dvdr encode esd fbcon foomaticdb gdbm gif glut gnome gtk gtk2 gtkhtml guile imap imlib java jpeg libg++ libwww mad maildir mikmod mmx motif mozcalendar mozilla moznocompose moznoirc mozsvg mozxmlterm mpeg ncurses nptl offensive oggvorbis opengl pam pdflib perl plotutils png ppds python quicktime readline ruby samba scanner slang spell ssl svga tcltk tcpd tetex tiff truetype usb video_cards_nvidia x86 xml2 xmms xv zlib"