Package: libpam-modules-bin
Version: 1.5.2-8
Severity: grave

With pam 1.5.2-8 installed, my i386 chroots can't run su or sudo
anymore:

(sid-i386)root@turing:/home/myon# su -
su: Permission denied

(sid-i386)root@turing:/home/myon# sudo -i
sudo: PAM account management error: Permission denied
sudo: a password is required

amd64 is unaffected.

(sid-i386)root@turing:/home/myon# strace su -
execve("/usr/bin/su", ["su", "-"], 0xffc17124 /* 17 vars */) = 0
brk(NULL)                               = 0x57956000
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0xf7eef000
...
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such 
file or directory)
close(4)                                = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such 
file or directory)
close(4)                                = 0
read(3, "", 4096)                       = 0
close(3)                                = 0
getuid32()                              = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
readlink("/proc/self/exe", "/usr/bin/su", 4096) = 11
sendto(3, [{nlmsg_len=140, nlmsg_type=0x44c /* NLMSG_??? */, 
nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=1, nlmsg_pid=0}, 
"\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x67\x72\x61\x6e\x74\x6f\x72\x73\x3d\x70"...],
 140, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 140
poll([{fd=3, events=POLLIN}], 1, 500)   = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, 
nlmsg_seq=1, nlmsg_pid=627976}, {error=0, msg={nlmsg_len=140, 
nlmsg_type=AUDIT_FIRST_USER_MSG, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, 
nlmsg_seq=1, nlmsg_pid=0}}], 8988, MSG_PEEK|MSG_DONTWAIT, 
{sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, [12]) = 36
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, 
nlmsg_seq=1, nlmsg_pid=627976}, {error=0, msg={nlmsg_len=140, 
nlmsg_type=AUDIT_FIRST_USER_MSG, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, 
nlmsg_seq=1, nlmsg_pid=0}}], 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, 
nl_pid=0, nl_groups=00000000}, [12]) = 36
close(3)                                = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC)         = 0
sendto(3, [{nlmsg_len=124, nlmsg_type=0x44d /* NLMSG_??? */, 
nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=2, nlmsg_pid=0}, 
"\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x63\x63\x6f\x75\x6e\x74\x69\x6e\x67\x20\x67\x72\x61\x6e\x74\x6f\x72\x73\x3d\x3f\x20\x61\x63\x63"...],
 124, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 124
poll([{fd=3, events=POLLIN}], 1, 500)   = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, 
nlmsg_seq=2, nlmsg_pid=627976}, {error=0, msg={nlmsg_len=124, nlmsg_type=0x44d 
/* AUDIT_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=2, 
nlmsg_pid=0}}], 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, 
nl_groups=00000000}, [12]) = 36
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED, 
nlmsg_seq=2, nlmsg_pid=627976}, {error=0, msg={nlmsg_len=124, nlmsg_type=0x44d 
/* AUDIT_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=2, 
nlmsg_pid=0}}], 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0, 
nl_groups=00000000}, [12]) = 36
close(3)                                = 0
getpid()                                = 627976
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such 
file or directory)
close(3)                                = 0
getpid()                                = 627976
openat(AT_FDCWD, "/var/log/btmp", O_WRONLY|O_LARGEFILE) = 3
alarm(0)                                = 0
rt_sigaction(SIGALRM, {sa_handler=0xf7e13d90, sa_mask=[], sa_flags=0}, 
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
alarm(10)                               = 0
fcntl64(3, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0
alarm(0)                                = 10
rt_sigaction(SIGALRM, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, NULL, 8) = 0
_llseek(3, 0, [384], SEEK_END)          = 0
write(3, "\6\0\0\0\10\225\t\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 
384) = 384
fcntl64(3, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0
close(3)                                = 0
munmap(0xf7c6a000, 16392)               = 0
munmap(0xf7c37000, 208144)              = 0
munmap(0xf7b97000, 651928)              = 0
munmap(0xf7b92000, 16416)               = 0
munmap(0xf7b8c000, 20488)               = 0
munmap(0xf7b87000, 16392)               = 0
munmap(0xf7b7f000, 28680)               = 0
openat(AT_FDCWD, "/etc/login.defs", O_RDONLY|O_LARGEFILE) = 3
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT|AT_EMPTY_PATH, 
STATX_BASIC_STATS, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=0, 
stx_mode=S_IFREG|0644, stx_size=12273, ...}) = 0
read(3, "#\n# /etc/login.defs - Configurat"..., 4096) = 4096
read(3, " issuing \n# the \"mesg y\" command"..., 4096) = 4096
read(3, "users to gain permanent\n# access"..., 4096) = 4081
read(3, "", 4096)                       = 0
close(3)                                = 0
openat(AT_FDCWD, "/etc/default/su", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such 
file or directory)
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=1, tv_nsec=0}, 0xffc847bc) = 0
write(2, "su: ", 4su: )                     = 4
write(2, "Permission denied", 17Permission denied)       = 17
write(2, "\n", 1
)                       = 1
dup(1)                                  = 3
close(3)                                = 0
dup(2)                                  = 3
close(3)                                = 0
exit_group(1)                           = ?
+++ exited with 1 +++

(I have no idea if the problem is in this part of the strace.)

Christoph

Reply via email to