Bug#510951: segfaults after PAM thread exits unexpectedly
martin f krafft <madduck@debian.org> writes:
> However, the above set always conincides with a pair of related
> messages including the segfault. The PID is always just a few
> numbers higher. The times at which the log entries occur are at the
> same time. The user names logged by PAM_smbpass are also always
> identical:
>
> PAM_smbpass[30864]: username [root] obtained
> kernel: sshd[30864]: segfault at 00000000 eip 00000000 esp bfdbf73c error 4
>
> It seems as if the password itself might be the cause for the
> segfault. The real bug could be in PAM_smbpass, but sshd should
> really not segfault.
Since sshd loads pam_smbpass into memory as a shared object and then calls
into it, if pam_smbpass segfaults, there's not really much that sshd can
do to stop it. And that segfault will show up as an sshd segfault (in
this case probably in the helper process that's used to run the auth
stack).
I suspect the bug here is a segfault bug in pam_smbpass.
I wonder if trying to log in as root with an empty password would
reproduce this problem. It's an obvious edge case, and I've seen it cause
problems with PAM modules in the past.
--
Russ Allbery (rra@debian.org) <http://www.eyrie.org/~eagle/>
Reply to: