[sudo-users] pam_ssh_agent_auth segfault

Jamie Beverly jamie.beverly at yahoo.com
Wed Sep 21 10:46:52 EDT 2011

----- Original Message -----

> From: Mike Tancsa <mike at sentex.net>
> To: Todd C. Miller <Todd.Miller at courtesan.com>
> Cc: sudo-users at sudo.ws
> Sent: Wednesday, September 21, 2011 7:36 AM
> Subject: Re: [sudo-users] pam_ssh_agent_auth segfault
> On 9/21/2011 10:12 AM, Todd C. Miller wrote:
>>  Well, that's both good and bad news.  The change from RTLD_LOCAL
>>  to RTLD_GLOBAL was needed for pam modules that require symbols from
>>  libpam.
>>  In this case it looks like there is a namespace clash with the
>>  "verbose" symbol in the sudoers parser and a function called 
> verbose
>>  in pam_ssh_agent_auth.so and ld.so chooses the wrong one.  I had
>>  hoped that libtool's export file would prevent this kind of problem
>>  but apparently it doesn't (at least on FreeBSD).  There will be a
>>  workaround in the next release candidate of sudo 1.8.3.
> Ahhh, that seems to be the case indeed. In the plugin, I did the
> following on FreeBSD
> 0|dsl-b8|# cd /usr/ports/security/pam_ssh_agent_auth/
> 0|dsl-b8|# make extract
> ===>  Vulnerability check disabled, database not found
> ===>  License check disabled, port has not defined LICENSE
> ===>  Extracting for pam_ssh_agent_auth-0.9.3
> => SHA256 Checksum OK for pam_ssh_agent_auth-0.9.3.tar.bz2.
> ===>   pam_ssh_agent_auth-0.9.3 depends on file:
> /usr/local/bin/perl5.12.4 - found
> 0|dsl-b8|# cd work/pam_ssh_agent_auth-0.9.3/
> 0|dsl-b8|# perl -p -i -e 
> "s/verbose\(/pam_ssh_auth_verbose\(/g" *.c
> 0|dsl-b8|# perl -p -i -e 
> "s/verbose\(/pam_ssh_auth_verbose\(/g" *.h
> 0|dsl-b8|# cd ../..
> 0|dsl-b8|# make install

I'll take this as my bug in pam_ssh_agent_auth to prefix at least my more generically named symbols appropriately; I had meant to do that for several symbols as I had done for "error", but then became side-tracked and forgot about it.

-- Jamie.

More information about the sudo-users mailing list