$ su - SSH passphrase: Segmentation fault $ The "passphrase" entered was ^D. (Immediate abort with empty password.) Reproducible: Always
... also, should the prompt really be "SSH passphrase" at this point? Surely, it's the root password (or user password with 'sudo su ...') that's required, nothing to do with SSH?
Issue persists in sys-auth/pam_ssh-1.97-r1: --- Password: Program received signal SIGSEGV, Segmentation fault. 0x00007f501554c4e2 in strlen () from /lib/libc.so.6 (gdb) bt full #0 0x00007f501554c4e2 in strlen () from /lib/libc.so.6 No symbol table info available. #1 0x00007f501476dd68 in pam_get_pass () from /lib64/security/pam_ssh.so No symbol table info available. #2 0x00007f501476a2d2 in pam_sm_authenticate () from /lib64/security/pam_ssh.so No symbol table info available. #3 0x00007f5015a41a76 in ?? () from /lib/libpam.so.0 No symbol table info available. #4 0x00007f5015a413a8 in pam_authenticate () from /lib/libpam.so.0 No symbol table info available. #5 0x0000000000403047 in ?? () No symbol table info available. #6 0x00007f50154e8b8d in __libc_start_main () from /lib/libc.so.6 No symbol table info available. #7 0x00000000004021b9 in ?? () No symbol table info available. #8 0x00007fffb03ac638 in ?? () No symbol table info available. #9 0x000000000000001c in ?? () No symbol table info available. #10 0x0000000000000002 in ?? () No symbol table info available. #11 0x00007fffb03acdc3 in ?? () No symbol table info available. #12 0x00007fffb03acdd5 in ?? () No symbol table info available. #13 0x0000000000000000 in ?? () No symbol table info available. --- I've been tought every segfault triggered by input data is a potential security problem. I assume this applies here, especially with /bin/su having mode u+s set and such?
Created upstream bug: https://sourceforge.net/tracker/?func=detail&aid=3027989&group_id=16000&atid=116000
Duplicated in bug #266603, which was fixed meanwhile.