[sudo-users] pam_ssh_agent_auth segfault
Jamie Beverly
jamie.beverly at yahoo.com
Wed Sep 21 10:46:52 EDT 2011
----- Original Message -----
> From: Mike Tancsa <mike at sentex.net>
> To: Todd C. Miller <Todd.Miller at courtesan.com>
> Cc: sudo-users at sudo.ws
> Sent: Wednesday, September 21, 2011 7:36 AM
> Subject: Re: [sudo-users] pam_ssh_agent_auth segfault
>
> On 9/21/2011 10:12 AM, Todd C. Miller wrote:
>> Well, that's both good and bad news. The change from RTLD_LOCAL
>> to RTLD_GLOBAL was needed for pam modules that require symbols from
>> libpam.
>>
>> In this case it looks like there is a namespace clash with the
>> "verbose" symbol in the sudoers parser and a function called
> verbose
>> in pam_ssh_agent_auth.so and ld.so chooses the wrong one. I had
>> hoped that libtool's export file would prevent this kind of problem
>> but apparently it doesn't (at least on FreeBSD). There will be a
>> workaround in the next release candidate of sudo 1.8.3.
>
> Ahhh, that seems to be the case indeed. In the plugin, I did the
> following on FreeBSD
>
>
> 0|dsl-b8|# cd /usr/ports/security/pam_ssh_agent_auth/
> 0|dsl-b8|# make extract
> ===> Vulnerability check disabled, database not found
> ===> License check disabled, port has not defined LICENSE
> ===> Extracting for pam_ssh_agent_auth-0.9.3
> => SHA256 Checksum OK for pam_ssh_agent_auth-0.9.3.tar.bz2.
> ===> pam_ssh_agent_auth-0.9.3 depends on file:
> /usr/local/bin/perl5.12.4 - found
> 0|dsl-b8|# cd work/pam_ssh_agent_auth-0.9.3/
> 0|dsl-b8|# perl -p -i -e
> "s/verbose\(/pam_ssh_auth_verbose\(/g" *.c
> 0|dsl-b8|# perl -p -i -e
> "s/verbose\(/pam_ssh_auth_verbose\(/g" *.h
> 0|dsl-b8|# cd ../..
> 0|dsl-b8|# make install
I'll take this as my bug in pam_ssh_agent_auth to prefix at least my more generically named symbols appropriately; I had meant to do that for several symbols as I had done for "error", but then became side-tracked and forgot about it.
-- Jamie.
More information about the sudo-users
mailing list