http://bugzilla.novell.com/show_bug.cgi?id=619780 http://bugzilla.novell.com/show_bug.cgi?id=619780#c0 Summary: pam_mount + sshd => segfaults Classification: openSUSE Product: openSUSE 11.3 Version: RC 2 Platform: i586 OS/Version: openSUSE 11.3 Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: opensuse@der-he.de QAContact: qa@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.4) Gecko/20100611 SUSE/3.6.4-3.2 Firefox/3.6.4 I'm pam_mount for mounting LUKS partitions with user login. "auth optional pam_mount.so" in /etc/pam.d/common-auth "session optional pam_mount.so" in /etc/pam.d/common-session Everything works fine except ssh logins. Every login to ssh quits with: "Write failed: Broken pipe" sshd crashes with SIGSEGV while trying to strlen() an non-existent string. Same problem as here: http://bugs.gentoo.org/show_bug.cgi?id=302964 I've applied the mentioned Patch and everything is working now. It's fixed upstream, but I think there's a Version Freeze on 11.3 so it's not possible to use a newer version. Some developer should attach the patch. btw: This patch is only a workaround! It prevents sshd of crashing, but AFAIK mounting doesn't work either this way. I have to "su - user" to mount encrypted partition after ssh-login. Reproducible: Always Steps to Reproduce: 1. install pam_mount 2. configure system to mount LUKS partition with user login 3. ssh user@localhost Actual Results: login via ssh not working Expected Results: sshd should not crash PATCH: --- pam_mount-1.34/src/pam_mount.c 2010-04-08 01:37:42.000000000 +0200 +++ pam_mount-1.34-patched//src/pam_mount.c 2010-07-04 14:07:46.000000000 +0200 @@ -462,7 +462,9 @@ static char *grab_authtok(pam_handle_t * ret = pam_set_data(pamh, "pam_mount_system_authtok", authtok, clean_system_authtok); if (ret == PAM_SUCCESS) { - if (mlock(authtok, strlen(authtok) + 1) < 0) + if (authtok == NULL) + w4rn("authtok is NULL in session code\n"); + else if (mlock(authtok, strlen(authtok) + 1) < 0) w4rn("mlock authtok: %s\n", strerror(errno)); } else { l0g("error trying to save authtok for session code\n"); -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.