From owner-freebsd-ports@FreeBSD.ORG  Mon Jul 23 02:06:12 2007
Return-Path: <owner-freebsd-ports@FreeBSD.ORG>
Delivered-To: ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 392FA16A418
	for <ports@FreeBSD.org>; Mon, 23 Jul 2007 02:06:12 +0000 (UTC)
	(envelope-from tmclaugh@sdf.lonestar.org)
Received: from straycat.dhs.org (c-24-63-86-11.hsd1.ma.comcast.net
	[24.63.86.11]) by mx1.freebsd.org (Postfix) with ESMTP id DBE4E13C45E
	for <ports@FreeBSD.org>; Mon, 23 Jul 2007 02:06:11 +0000 (UTC)
	(envelope-from tmclaugh@sdf.lonestar.org)
Received: from [192.168.1.127] (bofh.straycat.dhs.org [192.168.1.127])
	by straycat.dhs.org (8.13.8/8.13.8) with ESMTP id l6N26B3L019239;
	Sun, 22 Jul 2007 22:06:11 -0400 (EDT)
From: Tom McLaughlin <tmclaugh@sdf.lonestar.org>
To: yarodin@gmail.com
In-Reply-To: <200707220909.00111.yarodin@gmail.com>
References: <200707211639.25964.yarodin@gmail.com>
	<1185038376.1955.12.camel@localhost>
	<200707220909.00111.yarodin@gmail.com>
Content-Type: text/plain; charset=koi8-r
Date: Sun, 22 Jul 2007 22:06:09 -0400
Message-Id: <1185156370.1955.81.camel@localhost>
Mime-Version: 1.0
X-Mailer: Evolution 2.10.2 FreeBSD GNOME Team Port 
Content-Transfer-Encoding: 8bit
Cc: ports@FreeBSD.org
Subject: Re: sudo 1.6.9 segfault
X-BeenThere: freebsd-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Porting software to FreeBSD <freebsd-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports>
List-Post: <mailto:freebsd-ports@freebsd.org>
List-Help: <mailto:freebsd-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports>,
	<mailto:freebsd-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Jul 2007 02:06:12 -0000

On Sun, 2007-07-22 at 09:09 +0600, yarodin wrote:
> В сообщении от Saturday 21 July 2007 23:19:35 вы написали:
> > On Sat, 2007-07-21 at 16:39 +0600, yarodin wrote:
> > > Jul 21 15:12:01 home sudo:    admin : TTY=unknown ; PWD=/home/admin ;
> > > USER=root ; COMMAND=/sbin/ipfw
> > > Jul 21 15:12:36 home kernel: pid 42226 (sudo), uid 0: exited on signal 11
> >
> > I need a little more information.
> >
> > sudoers:
> > tom             LOCAL = NOPASSWD: /sbin/ipfw
> >
> > [tom@releng-7-fbsd tom]$ sudo ipfw
> > Last login: Sat Jul 21 13:09:52 on ttyp0
> > usage: ipfw [options]
> > do "ipfw -h" or see ipfw manpage for details
> >
> > What options are you using in the port?  What does your sudoers look
> > like?  Also, I'm curious why TTY would show up as unknown in the log.
> >
> > tom
> 
> 	Subject: Re: 1.6.9 crash on freebsd 6-stable
> 	   From: "Todd C. Miller" <Todd.Miller@courtesan.com>
>   	      To: yarodin@gmail.com
> 	   Date: 21/07/07 21:14
>    
> Thanks for the stack trace.  I believe the problem is that the
> pam_sm_close_session function in pam_lastlog.c does not check that
> 
>     pam_get_item(pamh, PAM_TTY, (const void **)&tty);
> 
> succeeded before using the tty variable.  In the case of kdesu there
> is probably no tty so that variable is being used uninitialized.
> This is really a FreeBSD bug; there is a check in pam_sm_open_session
> that is missing in the pam_sm_close_session code.
> 
> I've included two diffs.  One is a work-around for sudo, the other
> a fix for the FreeBSD issue.  If you could file a bug with FreeBSD
> and include the fix I'd appreciate it.
> 
>  - todd
> 

Awesome.  I'll commit the sudo patch shortly.  I have just one other
issues to look at which I'm almost done with figuring out.  I'll also
file a PR for libpam.

tom

> Index: lib/libpam/modules/pam_lastlog/pam_lastlog.c
> ===================================================================
> RCS file: /home/cvs/freebsd/src/lib/libpam/modules/pam_lastlog/pam_lastlog.c,v
> retrieving revision 1.21
> diff -u -r1.21 pam_lastlog.c
> --- lib/libpam/modules/pam_lastlog/pam_lastlog.c        11 Aug 2006 
> 17:03:33 -0000      1.21
> +++ lib/libpam/modules/pam_lastlog/pam_lastlog.c        21 Jul 2007 
> 15:11:39 -0000
> @@ -177,9 +177,12 @@
>  pam_sm_close_session(pam_handle_t *pamh __unused, int flags __unused,
>      int argc __unused, const char *argv[] __unused)
>  {
> +       int pam_err;
>          const void *tty;
>  
> -        pam_get_item(pamh, PAM_TTY, (const void **)&tty);
> +       pam_err = pam_get_item(pamh, PAM_TTY, (const void **)&tty);
> +       if (pam_err != PAM_SUCCESS)
> +               goto err;
>         if (strncmp(tty, _PATH_DEV, strlen(_PATH_DEV)) == 0)
>                 tty = (const char *)tty + strlen(_PATH_DEV);
>         if (*(const char *)tty == '\0')
> @@ -189,6 +192,10 @@
>                     __func__, (const char *)tty);
>          logwtmp(tty, "", "");
>          return (PAM_SUCCESS);
> +err:
> +       if (openpam_get_option(pamh, "no_fail"))
> +               return (PAM_SUCCESS);
> +       return (pam_err);
>  }
>  
>  PAM_MODULE_ENTRY("pam_lastlog");
> 
> ===================================================================
> --- auth/pam.c.orig     Tue Jun 12 07:41:12 2007
> +++ auth/pam.c          Sat Jul 21 22:31:43 2007
> @@ -94,7 +94,9 @@
>         log_error(USE_ERRNO|NO_EXIT|NO_MAIL, "unable to initialize PAM");
>         return(AUTH_FATAL);
>      }
> -    if (strcmp(user_tty, "unknown"))
> +    if (strcmp(user_tty, "unknown") == 0)
> +        (void) pam_set_item(pamh, PAM_TTY, "");
> +    else
>         (void) pam_set_item(pamh, PAM_TTY, user_tty);
>  
>      return(AUTH_SUCCESS);
-- 
| tmclaugh at sdf.lonestar.org             tmclaugh at FreeBSD.org |
| FreeBSD                                   http://www.FreeBSD.org |