Bug#401761: Acknowledgement (libpam-mount makes cron segfault)

Tue, 05 Dec 2006 15:38:57 -0800 

On Tue, Dec 05, 2006 at 09:18:08PM +0100, Javier Fernández-Sanguino Peña wrote:
> On Tue, Dec 05, 2006 at 11:04:43AM -0800, Marc MERLIN wrote:
> > > pam_mount: error trying to retrieve authtok from auth code
> > > Dec  5 11:03:01 polgara kernel: [6102582.658784] cron-debug-g2[7141]: 
> > > segfault at 0000000000000000 rip 0000000000000000 rsp 00000000ffffd3fc 
> > > error 14
> > 
> > I guess this means that it's a pam library segv and not a cron bug?
> > 
> > But now, I have no idea if the bug is in pam, or pam_mount...
> 
> I would say that the error is in pam_mount. I'm not sure if cron's segfault
> is due to the fact that pam crashes behind him or he does not handle properly
> PAM's error.
> 
> Can you please explain what kind of cron tasks are you using and what do you
> use pam_mount for? Do you auto-mount home directories and use per-user
> crontabs?

for cron, anything will crash it.
Right now, I just have 
* * * * *       root date > /tmp/date
in /etc/crontab

pam_mount, I use to decrypt and mount a directory when users log in.
Initially, the install docs I saw recommended putting the pam_mount config
like so:

/etc/pam.d/common-auth:
auth    sufficient      pam_unix.so
auth    optional        pam_mount.so use_first_pass
auth    sufficient      pam_krb5.so retain_after_close forwardable 
refresh_creds use_first_pass
auth    required        pam_deny.so

/etc/pam.d/common-session:
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).  The default is pam_unix.
#
session required        pam_unix.so
session required        pam_limits.so
session optional        pam_mount.so

Turns out I only really need to include this in
/etc/pam.d/kdm|gdm|login|ssh|xscreensaver
but indeed, sourcing it in other places shouldn't still shouldn't cause 
cron/pam to
segv

Marc
-- 
"A mouse is a device used to point at the xterm you want to type in" - A.S.R.
Microsoft is to operating systems & security ....
                                      .... what McDonalds is to gourmet cooking
Home page: http://marc.merlins.org/

Attachment: signature.asc
Description: Digital signature

Reply via email to