[torqueusers] Re: pam_authuser segfaults

Jim Prewett download at hpc.unm.edu
Fri Jan 19 09:35:26 MST 2007 

Hi Mischa,

Wow, I've not looked at that code in a while.  It was written in early 
2004, so nearly 3 years ago now :)  I'm glad someone is using it :)

I am not responsible for any files besides the README.pam_authuser, 
pam_authuser.c, and the Makefile.  I do not currently do a very good job 
of maintaining pam_authuser (I can't seem to find a link from my webpage 
even :)

Looking over the code, I think you've nailed the bug dead-on.  That memory 
should not be freed. (oops!  I wish C were more like Lisp ;P :)

I have asked the torque developers in the past how I might change the 
sources they have - I think I would personally prefer that they maintain 
the official pam_authuser module and let me hack on other things :)  I 
don't believe I've ever gotten a response to that question.

SUSE was not nearly as popular (in the US) in 2004 as it is today; I 
hadn't done much work with it at that time.  I think you're right that 
information on SUSE, etc. should be included when possible.

Jim

James E. Prewett                    Jim at Prewett.org download at hpc.unm.edu 
Systems Team Leader           LoGS: http://www.hpc.unm.edu/~download/LoGS/ 
Designated Security Officer         OpenPGP key: pub 1024D/31816D93    
HPC Systems Engineer III   UNM HPC  505.277.8210

On Fri, 19 Jan 2007, Mischa Salle wrote:

> Dear Jim,
> 
> I got a segmentation fault coming from pam_authuser (from the
> torque-2.1.6 contrib directory). I managed to trace it to the
> two free() calls
> 153:    free(authuser_file_list[i]);
> 157:	free(netgroups[i]);
> They free memory which isn't allocated by pam_authuser, but seems (part
> of) argv[], hence the segfault. The other two related free statements,
> just after the for-loops, are ok, as they free the memory allocated
> (line 238) for the pointer array.
> 
> (It uses sshd from openssh-4.2p1 (SUSE rpm openssh-4.2p1-18.x86_64.rpm)
> and pam-0.99.3.0 (SUSE rpm pam-0.99.3.0-25.x86_64.rpm)).
> 
> Two other remarks:
> - on SUSE systems, there is no system-auth file, it is split over a
>   number of files (in /etc/pam.d), and common-account is the one to edit
>   in this case.
> - on 64bits (at least on SUSE) pam libraries are by default in
>   /lib64/security/
> It might be good to mention something about different filelocations in
> the README.
> 
> Best regards,
> 
>     Mischa Sallé
> 
> -- 
> Dpto. de Física Teórica C-XI               mischa.salle at uam.es
> Universidad Autónoma de Madrid             Tel. +34 91 497 4897
> Cantoblanco, 28049 Madrid                  Fax  +34 91 497 3936
> SPAIN				           Room 506
>               http://lattice.ft.uam.es/perpag/salle/
>           __ .. ... _._. .... ._  ... ._ ._.. ._.. .._..
>

More information about the torqueusers mailing list