Date: Tue, 20 Sep 2011 15:21:00 -0400
From: Gary Palmer
To: Mike Tancsa
Cc: Corey Smith, freebsd-security@freebsd.org
Subject: Re: pam_ssh_agent_auth coredump on AMD64 (was Re: PAM modules)
Message-ID: <20110920192100.GF10165@in-addr.com>
References: <4E778357.1030206@sentex.net> <4E78E5DC.6050600@sentex.net>
In-Reply-To: <4E78E5DC.6050600@sentex.net>

On Tue, Sep 20, 2011 at 03:13:32PM -0400, Mike Tancsa wrote:
> On 9/19/2011 2:00 PM, Mike Tancsa wrote:
> > On 9/16/2011 3:10 PM, Corey Smith wrote:
> >> On 09/16/2011 11:05 AM, Dag-Erling Smørgrav wrote:
> >>> My question is: which ones?
> >>
> >> security/pam_ssh_agent_auth
> >>
> >> It is BSD licensed and handy for sudo.
> >
> >
> > Neato, I didn't know of this module for sudo! However, with the default
> > install on AMD64, I am getting coredump.
>
> Actually, I tried the same setup on i386 and it seems to work just fine.
> However, on an AMD64 machine, sudo just coredumps. Anyone running this
> setup on amd64?
>
> Running with -D9, normally it looks something like
>
> % sudo -D9 su
> sudo: settings: debug_level=9
> sudo: settings: progname=sudo
> sudo: settings: network_addrs=....
> sudo: sudo_mode 1
> sudo: policy plugin returns 1
> sudo: command info: umask=022
> sudo: command info: command=/usr/bin/su
> sudo: command info: runas_uid=0
> sudo: command info: runas_gid=0
> sudo: command info: runas_groups=0,5
> sudo: command info: closefrom=3
> sudo: command info: set_utmp=true
> sudo: command info: login_class=default
>
> whereas on amd64,
>
> % sudo -D9 su
> sudo: settings: debug_level=9
> sudo: settings: progname=sudo
> sudo: settings: network_addrs=....
> sudo: sudo_mode 1
> Segmentation fault
>
> It seems to die in the call to
>
> static int
> policy_check(struct plugin_container *plugin, int argc, char * const argv[],
>     char *env_add[], char **command_info[], char **argv_out[],
>     char **user_env_out[])
> {
>     return plugin->u.policy->check_policy(argc, argv, env_add, command_info,
>         argv_out, user_env_out);
> }
>
>
> I can't get it to coredump since it's setuid. Before I start adding more
> debug printfs, does anyone have any suggestions as to what it might be?

If you do

    sysctl kern.sugid_coredump=1

can you get a coredump?

Gary