Generally, When it crashes I get also the two aforementioned messages in /var/log/messages. Of course, it didn't crash in this case since no such messages were reported in messages log file. And audit log shows only old records about it, no current one:
Well, it doesn't crash in this case:
[snap@thoth ~]$ echo -ne '******\0000' | /sbin/unix_chkpwd snap nullok ; echo $?
0
[snap@thoth ~]$
Generally, When it crashes I get also the two aforementioned messages in /var/log/messages. Of course, it didn't crash in this case since no such messages were reported in messages log file. And audit log shows only old records about it, no current one:
# ausearch -i | grep unix_chkpwd | tail -n 5 03/03/2009 21:14:30.477:92) : auid=snap uid=snap gid=snap ses=1 pid=12474 comm=unix_chkpwd sig=Segmentation fault 03/03/2009 21:14:30.483:93) : auid=snap uid=snap gid=snap ses=1 pid=12475 comm=unix_chkpwd sig=Segmentation fault 03/03/2009 21:23:44.502:95) : auid=snap uid=snap gid=snap ses=1 pid=12805 comm=unix_chkpwd sig=Segmentation fault 03/03/2009 21:24:35.600:96) : user pid=12819 uid=snap auid=snap ses=1 msg='op= PAM:unix_ chkpwd acct=snap exe=/sbin/ unix_chkpwd (hostname=?, addr=?, terminal=pts/0 res=success)' 03/03/2009 21:23:44.499:94) : auid=snap uid=snap gid=snap ses=1 pid=12804 comm=unix_chkpwd sig=Segmentation fault
type=ANOM_ABEND msg=audit(
type=ANOM_ABEND msg=audit(
type=ANOM_ABEND msg=audit(
type=USER_AUTH msg=audit(
type=ANOM_ABEND msg=audit(
#
When replacing nullok with some bogus word:
[snap@thoth ~]$ echo -ne 'id5n4pIT\0000' | /sbin/unix_chkpwd snap fakeword ; echo $?
bash: echo: write error: Broken pipe
4
[snap@thoth ~]$
indeed it returns 4 and no crash is reported: messages log file is clean and audit log reports:
type=ANOM_EXEC msg=audit( 03/03/2009 21:30:21.705:97) : user pid=12965 uid=snap auid=snap ses=1 msg='op= PAM:unix_ chkpwd acct=snap exe=/sbin/ unix_chkpwd (hostname=?, addr=?, terminal=pts/0 res=failed)'
That's it for now. Thanks again Tomas.