© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
I've tracked it down! Patch attached.
There's a call-back from pam_open_session to sudo_conv, and sudo_conv calls strncmp on a null pointer. If the user's not using something that pam_mount needs a password for, then there's no call, and so no crash.
Problem is, that solving this bug reveals another couple of issues, because using sudo -u to a user affected by pam_mount requires a password for the session.
1) This would allow pam_mount to mount something, but the session isn't handled fully in sudo - it's opened then immediatly closed. This probably means that there's no benefit to the program being run of getting that password in the first place, haven't confirmed this though.
2) It also means that every init/cron script that uses sudo -u to that user will ask for a password. This may not be useful!
David.