HPE Community
Operating System - Linux
1752579 Members
3116 Online
108788 Solutions
New Discussion

PAM crash on a trusted system ....

 
Robert Currey
Occasional Contributor

‎10-20-2006 06:56 AM

‎10-20-2006 06:56 AM

PAM crash on a trusted system ....

The sample program attached will crash somewhere inside a pam module ...

Notes ...
* If the program is NOT compiled with -lpthread, it will not crash (but our app does need -lpthread)
* If the program doesn't _compile_ the following it also will not crash ...
#if 1
void
crash_it(char* user)
{
struct spwd* spwd = getspnam(user);
//endspent();
}
#endif
NOTE: This code is NEVER executed, simply been compiled).

Here's a stack trace from the execution of the sample program ...

conversation_handler: msg[0]: Please enter user name: (prompt)
conversation_handler: response=root
fatal signal: 10
( 0) 0x00026590 segv_handler__Fi + 0x2c [./auth_test]
( 1) 0x00079e80 _sigreturn [./auth_test]
( 2) 0xc000a200 what_string.c
/ux/core/libs/libnss_files/shared_pa1
ccom options = -DA1.1 -DS1. + 0x3201 [/usr/lib/libnss_files.1]
( 3) 0xc000d7b4 _nss_files_shadow_constr + 0xc4 [/usr/lib/libnss_files.1]
( 4) 0x00072a48 __nss_search + 0x170 [./auth_test]
( 5) 0xc0052c30 nss_getprpwnam_r + 0x90 [/usr/lib/libsec.2]
( 6) 0xc004c814 nss_getprpwnam + 0xb4 [/usr/lib/libsec.2]
( 7) 0xc0e1326c print_pwd_change_info + 0x4c [/usr/lib/security/libpam_unix.1]
( 8) 0xc0e09b28 pam_sm_authenticate + 0x278 [/usr/lib/security/libpam_unix.1]
( 9) 0xc07f98c4 pam_authenticate + 0xbc [/usr/lib/libpam.1]
(10) 0x0002681c main + 0xb0 [./auth_test]
(11) 0x00050b0c _start + 0x98 [./auth_test]
(12) 0x00025418 $START$ + 0x178 [./auth_test]
Bus error (core dumped)


Some more info ... (a very generic HP11.00 machine put into trusted mode and using a std pam.conf)

# uname -a
HP-UX breen B.11.00 A 9000/785 2010146131 two-user license

# cat /etc/pam.conf
#
# PAM Configuration
#
# Account Management
#
dtaction account required /usr/lib/security/libpam_unix.1
dtlogin account required /usr/lib/security/libpam_unix.1
ftp account required /usr/lib/security/libpam_unix.1
login account required /usr/lib/security/libpam_unix.1
su account required /usr/lib/security/libpam_unix.1
OTHER account required /usr/lib/security/libpam_unix.1
#
# Authentication Management
#
dtaction auth required /usr/lib/security/libpam_unix.1
dtlogin auth required /usr/lib/security/libpam_unix.1
ftp auth required /usr/lib/security/libpam_unix.1
login auth required /usr/lib/security/libpam_unix.1
su auth required /usr/lib/security/libpam_unix.1
OTHER auth required /usr/lib/security/libpam_unix.1
#
# Password Management
#
dtaction password required /usr/lib/security/libpam_unix.1
dtlogin password required /usr/lib/security/libpam_unix.1
login password required /usr/lib/security/libpam_unix.1
passwd password required /usr/lib/security/libpam_unix.1
OTHER password required /usr/lib/security/libpam_unix.1
#
# Session Management
#
dtaction session required /usr/lib/security/libpam_unix.1
dtlogin session required /usr/lib/security/libpam_unix.1
login session required /usr/lib/security/libpam_unix.1
OTHER session required /usr/lib/security/libpam_unix.1


I can tell you where to go today ...
0 Kudos
Reply
1 REPLY 1
Dennis Handly
Acclaimed Contributor

‎06-20-2007 05:52 PM

‎06-20-2007 05:52 PM

Re: PAM crash on a trusted system ....

I couldn't duplicate your abort, possibly because I'm not on a trusted system.

You are illegally linking a aC++ application with -lpthread without compiling with -mt. This is especially bad with -AA.

Also you are linking with archive system libs, which is never a good thing if you have a mixture of some shared:
-Wl,-aarchive_shared
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.