sudo: pam_mount.c:417: modify_pm_count: Assertion `user != ((void *)0)' failed.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
sudo |
Unknown
|
Unknown
|
|||
libpam-mount (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Precise |
Invalid
|
Undecided
|
Unassigned | ||
sudo (Debian) |
Fix Released
|
Unknown
|
|||
sudo (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Precise |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
Stable Release Update request
[Impact]
Pluggable Authentication Module (PAM) pam_open_session() is not called by sudo when a timestamp is still valid (currently 15 minutes) leading to unexpected behaviour and (sometimes hidden) failures of PAM session modules. The issue will affect *all* PAMs although it is revealed by libpam-mount through this assert() causing an Abort.
Due to significant code refactoring to support a plug-in architecture upstream between the Oneiric (1.7.4p6) and Precise (1.8.3p1) versions of sudo a hidden bug in sudo's use of the PAM library has been revealed by systems that have libpam-mount installed. This is only installed as a reverse dependency of sadms or else manually to support auto-mounting of user encfs volumes. The issue will affect *all* PAMs.
[Development Fix]
I reported the bug to upstream sudo and Rob Miller (upstream author) promptly investigated and published a patch against upstream's development tip and the imminent 1.8.5 release candidate. The patch fixes the issue for upstream.
[Stable Fix]
Backporting the upstream fix required moving patch hunks around to different files to account for the changes since Precise's 1.8.3p1. Although transformed, the patch doesn't add or remove any additional logic - it just accounts for variable name-changes and code that had moved to alternate functions. The patch is on my linked bzr branch.
[Test Case]
1. Install libpam-mount
2. Repeatedly run sudo within the default 15 minute timestamp caching window
sudo apt-get install libpam-mount
sudo echo TEST
sudo echo TEST
sudo echo TEST
[Regression Potential]
No regression potential. Returns functional behaviour to that expected by PAMs .
--- Original Report ---
When running sudo it executes properly the first time during a session but, after credentials are cached, further attempts result in an error:
sciri@Rico:~$ sudo id
[sudo] password for sciri:
uid=0(root) gid=0(root) groups=0(root)
sciri@Rico:~$ sudo id
uid=0(root) gid=0(root) groups=0(root)
sudo: pam_mount.c:417: modify_pm_count: Assertion `user != ((void *)0)' failed.
Aborted
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: libpam-mount 2.10-2
ProcVersionSign
Uname: Linux 3.2.0-14-generic x86_64
NonfreeKernelMo
ApportVersion: 1.91-0ubuntu1
Architecture: amd64
CheckboxSubmission: 15c9c9b122c9273
CheckboxSystem: 7e42599bda39ea7
Date: Mon Feb 6 14:21:24 2012
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Beta amd64+mac (20110901)
SourcePackage: libpam-mount
UpgradeStatus: Upgraded to precise on 2012-02-06 (0 days ago)
Related branches
- Colin Watson: Approve
-
Diff: 128 lines (+108/-0)3 files modifieddebian/changelog (+6/-0)
debian/patches/lp927828-fix-abort-in-pam-modules-when-timestamp-valid.patch (+101/-0)
debian/patches/series (+1/-0)
description: | updated |
Changed in sudo: | |
status: | Unknown → New |
Changed in sudo (Debian): | |
status: | Unknown → New |
Changed in sudo (Ubuntu): | |
status: | Confirmed → In Progress |
assignee: | nobody → TJ (intuitivenipple) |
Changed in sudo (Ubuntu): | |
status: | In Progress → New |
Changed in sudo (Ubuntu): | |
status: | Confirmed → Triaged |
importance: | Undecided → High |
description: | updated |
Changed in sudo (Ubuntu): | |
assignee: | TJ (intuitivenipple) → nobody |
Changed in libpam-mount (Ubuntu Precise): | |
status: | New → Invalid |
Changed in sudo (Ubuntu Precise): | |
status: | New → Fix Committed |
Changed in libpam-mount (Ubuntu): | |
status: | Confirmed → Invalid |
Changed in sudo (Debian): | |
status: | New → Fix Released |
Status changed to 'Confirmed' because the bug affects multiple users.