***stack smashing detected***: /usr/sbin/openvpn: If libpam_yubico is used for authentication for 2FA.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openvpn (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
I have installed OpenVPN with your pam_yubico Module as suggested at https:/
before that (without the "account required" line in /etc/pamd.
So i added it and now it's crashing the openVPN... any suggestions why this happens?
in /etc/openvpn/
[...]
plugin /usr/lib/
in /etc/pam.d/openvpn:
auth required pam_yubico.so id=<ID> \
<email address hidden> ldap_bind_
account required pam_yubico.so
/var/log/
[../pam_
[../pam_
[../pam_
[../pam_
[../pam_
[../pam_
*** stack smashing detected ***: /usr/sbin/openvpn terminated
Don't know for sure if the Problem is a openvpn or pam_yubico related bug. But it is permanent and doesn't go away with every try i had.
Greetings n-ronny
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openvpn 2.3.10-1ubuntu2
ProcVersionSign
Uname: Linux 4.4.0-59-generic x86_64
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: amd64
Date: Thu Jan 26 16:42:41 2017
ExecutablePath: /usr/sbin/openvpn
InstallationDate: Installed on 2017-01-18 (7 days ago)
InstallationMedia: Ubuntu-Server 16.04.1 LTS "Xenial Xerus" - Release amd64 (20160719)
ProcEnviron:
TERM=linux
PATH=(custom, no user)
XDG_RUNTIME_
LANG=de_DE.UTF-8
SHELL=/bin/bash
SourcePackage: openvpn
UpgradeStatus: No upgrade log present (probably fresh install)
Hi N-Ronny, /github. com/Yubico/ yubico- pam/issues/ 26 which made me wonder.
I have never debugged openvpn/pam in that regard myself.
But I hapened to find https:/
The version is clearly older.
Now both (the yubico.so and openvpn) are build with -fstack-protector and -fstack- protector- strong. /launchpadlibra rian.net/ 294924689/ buildlog_ ubuntu- xenial- amd64.yubico- pam_2.24- 1~ppa1~ xenial1_ BUILDING. txt.gz /launchpadlibra rian.net/ 236028083/ buildlog_ ubuntu- xenial- amd64.openvpn_ 2.3.10- 1ubuntu2_ BUILDING. txt.gz
https:/
https:/
One other thing you could do is enabling some other (than yubico) pam based auth for openvpn to at least sort out the question if it is yubico or openvpn where you need to look at.