Package: libpam-modules-bin
Version: 1.5.2-8
Severity: grave
With pam 1.5.2-8 installed, my i386 chroots can't run su or sudo
anymore:
(sid-i386)root@turing:/home/myon# su -
su: Permission denied
(sid-i386)root@turing:/home/myon# sudo -i
sudo: PAM account management error: Permission denied
sudo: a password is required
amd64 is unaffected.
(sid-i386)root@turing:/home/myon# strace su -
execve("/usr/bin/su", ["su", "-"], 0xffc17124 /* 17 vars */) = 0
brk(NULL) = 0x57956000
mmap2(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) =
0xf7eef000
...
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such
file or directory)
close(4) = 0
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 4
connect(4, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such
file or directory)
close(4) = 0
read(3, "", 4096) = 0
close(3) = 0
getuid32() = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
readlink("/proc/self/exe", "/usr/bin/su", 4096) = 11
sendto(3, [{nlmsg_len=140, nlmsg_type=0x44c /* NLMSG_??? */,
nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=1, nlmsg_pid=0},
"\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x75\x74\x68\x65\x6e\x74\x69\x63\x61\x74\x69\x6f\x6e\x20\x67\x72\x61\x6e\x74\x6f\x72\x73\x3d\x70"...],
140, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 140
poll([{fd=3, events=POLLIN}], 1, 500) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED,
nlmsg_seq=1, nlmsg_pid=627976}, {error=0, msg={nlmsg_len=140,
nlmsg_type=AUDIT_FIRST_USER_MSG, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK,
nlmsg_seq=1, nlmsg_pid=0}}], 8988, MSG_PEEK|MSG_DONTWAIT,
{sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, [12]) = 36
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED,
nlmsg_seq=1, nlmsg_pid=627976}, {error=0, msg={nlmsg_len=140,
nlmsg_type=AUDIT_FIRST_USER_MSG, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK,
nlmsg_seq=1, nlmsg_pid=0}}], 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK,
nl_pid=0, nl_groups=00000000}, [12]) = 36
close(3) = 0
socket(AF_NETLINK, SOCK_RAW, NETLINK_AUDIT) = 3
fcntl64(3, F_SETFD, FD_CLOEXEC) = 0
sendto(3, [{nlmsg_len=124, nlmsg_type=0x44d /* NLMSG_??? */,
nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=2, nlmsg_pid=0},
"\x6f\x70\x3d\x50\x41\x4d\x3a\x61\x63\x63\x6f\x75\x6e\x74\x69\x6e\x67\x20\x67\x72\x61\x6e\x74\x6f\x72\x73\x3d\x3f\x20\x61\x63\x63"...],
124, 0, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 124
poll([{fd=3, events=POLLIN}], 1, 500) = 1 ([{fd=3, revents=POLLIN}])
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED,
nlmsg_seq=2, nlmsg_pid=627976}, {error=0, msg={nlmsg_len=124, nlmsg_type=0x44d
/* AUDIT_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=2,
nlmsg_pid=0}}], 8988, MSG_PEEK|MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0,
nl_groups=00000000}, [12]) = 36
recvfrom(3, [{nlmsg_len=36, nlmsg_type=NLMSG_ERROR, nlmsg_flags=NLM_F_CAPPED,
nlmsg_seq=2, nlmsg_pid=627976}, {error=0, msg={nlmsg_len=124, nlmsg_type=0x44d
/* AUDIT_??? */, nlmsg_flags=NLM_F_REQUEST|NLM_F_ACK, nlmsg_seq=2,
nlmsg_pid=0}}], 8988, MSG_DONTWAIT, {sa_family=AF_NETLINK, nl_pid=0,
nl_groups=00000000}, [12]) = 36
close(3) = 0
getpid() = 627976
socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/dev/log"}, 110) = -1 ENOENT (No such
file or directory)
close(3) = 0
getpid() = 627976
openat(AT_FDCWD, "/var/log/btmp", O_WRONLY|O_LARGEFILE) = 3
alarm(0) = 0
rt_sigaction(SIGALRM, {sa_handler=0xf7e13d90, sa_mask=[], sa_flags=0},
{sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0
alarm(10) = 0
fcntl64(3, F_SETLKW, {l_type=F_WRLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0
alarm(0) = 10
rt_sigaction(SIGALRM, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, NULL, 8) = 0
_llseek(3, 0, [384], SEEK_END) = 0
write(3, "\6\0\0\0\10\225\t\0pts/3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"...,
384) = 384
fcntl64(3, F_SETLKW, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0
close(3) = 0
munmap(0xf7c6a000, 16392) = 0
munmap(0xf7c37000, 208144) = 0
munmap(0xf7b97000, 651928) = 0
munmap(0xf7b92000, 16416) = 0
munmap(0xf7b8c000, 20488) = 0
munmap(0xf7b87000, 16392) = 0
munmap(0xf7b7f000, 28680) = 0
openat(AT_FDCWD, "/etc/login.defs", O_RDONLY|O_LARGEFILE) = 3
statx(3, "", AT_STATX_SYNC_AS_STAT|AT_NO_AUTOMOUNT|AT_EMPTY_PATH,
STATX_BASIC_STATS, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=0,
stx_mode=S_IFREG|0644, stx_size=12273, ...}) = 0
read(3, "#\n# /etc/login.defs - Configurat"..., 4096) = 4096
read(3, " issuing \n# the \"mesg y\" command"..., 4096) = 4096
read(3, "users to gain permanent\n# access"..., 4096) = 4081
read(3, "", 4096) = 0
close(3) = 0
openat(AT_FDCWD, "/etc/default/su", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such
file or directory)
clock_nanosleep(CLOCK_REALTIME, 0, {tv_sec=1, tv_nsec=0}, 0xffc847bc) = 0
write(2, "su: ", 4su: ) = 4
write(2, "Permission denied", 17Permission denied) = 17
write(2, "\n", 1
) = 1
dup(1) = 3
close(3) = 0
dup(2) = 3
close(3) = 0
exit_group(1) = ?
+++ exited with 1 +++
(I have no idea if the problem is in this part of the strace.)
Christoph
