[Pkg-shadow-devel] Bug#472986: /bin/su: su segfaults with libpam-p11 activated in /etc/pam.d/common-auth
Jerome Alet
jerome.alet at ac-nice.fr
Fri Apr 11 07:57:40 UTC 2008
Nicolas François wrote:
> Hello Jérôme,
>
> Do you have some news regarding http://bugs.debian.org/472986?
> Could you check your log at the time it appeared?
>
> Could you also test if the bug is fixed in the new version 1:4.1.1-1?
No it's not fixed in 1:4.1.1-1.
With SYSLOG_SU_ENAB set to yes and the SULOG_FILE defined, nothing gets
written to the file : the segfault occurs before. When deactivating the
pkcs11 stuff, I've checked that this file gets correctly written to when
using su.
/var/log/auth.log contains :
--- CUT ---
Apr 11 09:49:19 houlala pam_p11[17848]: fatal: pkcs11_sign failed
Apr 11 09:49:19 houlala pam_p11[17848]: pam_authenticate: Authentication
service cannot retrieve authentication info
--- CUT ---
I think pkcs11_sign fails probably because of the incorrect way my token
was created. In fact I don't even expect this token to allow me to
login, I'm just doing some testing... Anyway su should probably handle
that failure more gracefully than by segfaulting.
In kern.log I've got :
--- CUT ---
Apr 11 09:49:20 houlala kernel: su[17848]: segfault at b7f879c0 eip
b7e970f3 esp bfb25738 error 4
--- CUT ---
hth
Jerome Alet
More information about the Pkg-shadow-devel
mailing list