On Thu, Jan 24, 2008 at 10:27:22PM +0000, Stephen Gran wrote:
> This one time, at band camp, Kamil Jonca said:
> > Package: sudo
> > Version: 1.6.9p11-1
> >
> > Below an example:
> > [EMAIL PROTECTED]:~%sudo -k
> > [EMAIL PROTECTED]:~%sudo echo test
> > [sudo] password for kjonca:
> > Last login: Thu Jan 24 22:53:51 2008 from alfa.kjonca on pts/20
> > test
> > [EMAIL PROTECTED]:~%sudo echo test
> > zsh: segmentation fault sudo echo test
> > [EMAIL PROTECTED]:~%sudo -k
> > [EMAIL PROTECTED]:~%sudo echo test
> > [sudo] password for kjonca:
> > Last login: Thu Jan 24 23:01:36 2008 from alfa.kjonca on pts/20
> > test
> > [EMAIL PROTECTED]:~%
>
> ii sudo 1.6.9p11-1 Provide limited super user privileges to specific
> users
> [EMAIL PROTECTED]:~$ sudo -k
> [EMAIL PROTECTED]:~$ sudo echo test
> [sudo] password for steve:
> test
> [EMAIL PROTECTED]:~$ sudo echo test
> test
>
> Not here. Can you provide any additional debugging output? Try a
> different shell besides zsh?
Other shell means no differrence.
But I make setuid strace and straced sudo. And I have found that sudo
uses pam_lastlog.so, and I remember that I have problem with pam_lastlog
and xdm, so I remove pam_lastlog.
After removing pam_lastlog.so sudo stops segfault.
I don't know if it is bug in pam_lastlog or I missed something?
My files:
/etc/pam.d/sudo
======================
#%PAM-1.0
@include common-auth
@include common-account
=====================
/etc/pam.d/other
====================
#
# /etc/pam.d/other - specify the PAM fallback behaviour
#
# Note that this file is used for any unspecified service; for example
#if /etc/pam.d/cron specifies no session modules but cron calls
#pam_open_session, the session module out of /etc/pam.d/other is
#used. If you really want nothing to happen then use pam_permit.so or
#pam_deny.so as appropriate.
# We fall back to the system default in /etc/pam.d/common-*
#
@include common-auth
@include common-account
@include common-password
@include common-session
=====================
/etc/pam.d/common-session
=====================
#
# /etc/pam.d/common-session - session-related modules common to all
# services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive). The default is pam_unix.
#
session required pam_unix.so
# Sets up user limits according to /etc/security/limits.conf
# (Replaces the use of /etc/limits in old login)
session required pam_limits.so
session optional pam_lastlog.so #AFTER COMMENTING THIS SUDO STOP SEGFAULT
=====================
But there is another question (below some lines from strace dump)
====================
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
open("/etc/pam.d/sudo", O_RDONLY|O_LARGEFILE) = 4
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
open("/etc/pam.d/common-auth", O_RDONLY|O_LARGEFILE) = 5
read(5, "#\n# /etc/pam.d/common-auth - aut"..., 1024) = 437
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
open("/etc/pam.d/common-account", O_RDONLY|O_LARGEFILE) = 5
read(5, "#\n# /etc/pam.d/common-account - "..., 1024) = 392
open("/etc/pam.d/other", O_RDONLY|O_LARGEFILE) = 4
read(4, "#\n# /etc/pam.d/other - specify t"..., 1024) = 520
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
open("/etc/pam.d/common-auth", O_RDONLY|O_LARGEFILE) = 5
read(5, "#\n# /etc/pam.d/common-auth - aut"..., 1024) = 437
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
open("/etc/pam.d/common-account", O_RDONLY|O_LARGEFILE) = 5
read(5, "#\n# /etc/pam.d/common-account - "..., 1024) = 392
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
open("/etc/pam.d/common-password", O_RDONLY|O_LARGEFILE) = 5
read(5, "#\n# /etc/pam.d/common-password -"..., 1024) = 1024
stat64("/etc/pam.d", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
open("/etc/pam.d/common-session", O_RDONLY|O_LARGEFILE) = 5
read(5, "#\n# /etc/pam.d/common-session - "..., 1024) = 545
==================
As you can see sudo opens /etc/pam.d/other. Why? I thought that
/etc/pam.d/other is used if there is file for service?
KJ
> --
> -----------------------------------------------------------------
> | ,''`. Stephen Gran |
> | : :' : [EMAIL PROTECTED] |
> | `. `' Debian user, admin, and developer |
> | `- http://www.debian.org |
> -----------------------------------------------------------------
--
Nie oddawaj Polski oszołomom http://www.skubi.net/nieoddaj.html
"Sęk w tym, że człowiek rozumny jest statystycznie głupi" - Stanisław Lem.
