Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 10 May 2022 10:43:38 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 263893] pam_exec.so in auth stack with expose_authtok option makes su segfault
Message-ID:  <bug-263893-227@https.bugs.freebsd.org/bugzilla/>

next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D263893

            Bug ID: 263893
           Summary: pam_exec.so in auth stack with expose_authtok option
                    makes su segfault
           Product: Base System
           Version: 13.1-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: bugs@FreeBSD.org
          Reporter: felix@palmen-it.de

su(1) segfaults when there's pam_exec.so in the "auth" stack with the option
expose_authtok.

To reproduce, use the following "auth" config in /etc/pam.d/system:

auth            sufficient      pam_exec.so             expose_authtok
/usr/bin/false
auth            required        pam_unix.so             use_first_pass null=
ok

When removing the 'use_first_pass' option from 'pam_unix.so', su asks for a
password a second time (as expected), but still segfaults.

When removing the 'expose_authtok' option from 'pam_exec.so', the segfault =
is
gone.

A lot of (probably irrelevant) context is here:
https://forums.freebsd.org/threads/su-segfaults-when-adding-some-custom-pam=
_exec-to-the-auth-stack.85112/

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-263893-227>