544197 – gnomesu-pam-bac segfaults with pam_ssh

Bug 544197 - gnomesu-pam-bac segfaults with pam_ssh

Summary: gnomesu-pam-bac segfaults with pam_ssh

Status:	RESOLVED FIXED

Alias:	None

Product:	openSUSE 11.2
Classification:	openSUSE
Component:	GNOME (show other bugs)
Version:	Final
Hardware:	i686 Other

Priority:	P3 - Medium Severity: Major with 2 votes (vote)
Target Milestone:	---
Assignee:	E-mail List
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2009-10-04 15:42 UTC by Bernhard Wiedemann
Modified:	2012-07-31 20:11 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
memory corruption output (7.40 KB, text/plain) 2009-11-16 15:39 UTC, Bernhard Wiedemann	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernhard Wiedemann 2009-10-04 15:42:40 UTC

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.1.3) Gecko/20090909 SUSE/3.5.3-1.3 Firefox/3.5.3

I installed openSUSE-GNOME-LiveCD-Build0308-i686.
When having pam_ssh activated, gnomesu terminates without any helpful notice to the user.

Reproducible: Always

Steps to Reproduce:
1. zypper install pam_ssh ; pam-config --add --ssh
2. run "gnomesu yast2" (happens in background when updating software)

Actual Results:  
gnomesu returns with code 255 but without any message to the running console.
/var/log/messages shows
Oct  4 17:19:31 mobilix gnomesu-pam-backend: The gnome keyring socket is not owned with the same credentials as the user login: /tmp/keyring-pl4GSf/socket
Oct  4 17:19:31 mobilix gnomesu-pam-backend: gkr-pam: couldn't unlock 'login' keyring: 255
Oct  4 17:19:31 mobilix kernel: [ 1922.938483] gnomesu-pam-bac[6235]: segfault at 0 ip b7edd9a3 sp bf93e20c error 4 in libc-2.10.1.so[b7e68000+159000]


Expected Results:  
The application should be started with root privileges (as happens again after pam-config --delete --ssh)
If there is a failure, there should at least be some message to the user.

the mentioned keyring appears to have the right owner:
> ll /tmp/keyring-pl4GSf/socket
srwxr-xr-x 1 bernhard users 0 Oct  4 16:47 /tmp/keyring-pl4GSf/socket

it helps to disable in /etc/pam.d/common-auth
"auth   optional        pam_gnome_keyring.so"

at that time, kdesu yast2 also starts working again

sudo and su only work on entering the PW the second time until the above "pam_gnome_keyring" work-around.

it also helps to exchange the order in /etc/pam.d/common-auth
auth    optional        pam_ssh.so
auth    optional        pam_gnome_keyring.so

Comment 1 Bernhard Wiedemann 2009-11-16 15:38:27 UTC

I am still seeing major issues with pam_ssh and sudo and gnomesu in a 11.1 which I upgraded to 11.2-final.

there is also some memory corruption displayed with
sudo /usr/sbin/pam-config -a --ssh
sudo /usr/bin/id

I tried the same on a fresh 11.2-KDE4-install and that corruption did not occur there.

Comment 2 Bernhard Wiedemann 2009-11-16 15:39:35 UTC

Created attachment 327715 [details]
memory corruption output

Comment 3 Dominique Leuenberger 2012-07-31 20:11:40 UTC

Sorry, this bug did not get the attention it deserved.

Not likely, you have already upgraded to newer versions of openSUSE, which had
a lot more bug fixes.

As openSUSE 11.2 is no longer maintained (for a long time already) and I can't
seem to reproduce anything similar in openSUSE 12.1 / 12.2 RC, I close the bug
as 'FIXED'.

Should you be able to reproduce this issue on a newer openSUSE version, please
feel to report it again.