Tags Tags

Bug#646478: since sudo v1.8.3-1 lots of PAM NULL pam handle passed log entries

October 24th, 2011 - 09:20 am ET by Marc-Christian Petersen | Report spam
Help Create a new topic
Package: sudo
Version: 1.8.3-1
Severity: normal

Hi,

since upgrade to sudo 1.8.3-1 I get lots of these log entries
in my syslog:

Oct 24 15:01:31 hostname sudo: PAM pam_set_item: NULL pam handle passed
Oct 24 15:01:31 hostname sudo: PAM pam_setcred: NULL pam handle passed
Oct 24 15:01:31 hostname sudo: PAM pam_open_session: NULL pam handle passed
Oct 24 15:01:31 hostname sudo: PAM pam_end: NULL pam handle passed

when using sudo with, let's say, Nagios, which has an entry like this
in /etc/sudoers:

User_Alias NAGIOS = nagios, nrpe
NAGIOS ALL = NOPASSWD: /bin/dmesg

this worked since decates until 1.8.3 :(


Debian Release: wheezy/sid
Architecture: amd64 (x86_64)

Kernel: Linux 3.0.4-grsec (SMP w/8 CPU cores; PREEMPT)
Locale: LANG=de_DE@euro, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages sudo depends on:
ii libc6 2.13-21
ii libpam-modules 1.1.3-4
ii libpam0g 1.1.3-4

sudo recommends no packages.

sudo suggests no packages.




To UNSUBSCRIBE, email to debian-bugs-dist-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
email Follow the discussionReplies 2 repliesReplies Make a reply

Replies

#1 Bob Proulx
October 25th, 2011 - 07:20 pm ET | Report spam
Marc-Christian Petersen wrote:
since upgrade to sudo 1.8.3-1 I get lots of these log entries
in my syslog:

Oct 24 15:01:31 hostname sudo: PAM pam_set_item: NULL pam handle passed
Oct 24 15:01:31 hostname sudo: PAM pam_setcred: NULL pam handle passed
Oct 24 15:01:31 hostname sudo: PAM pam_open_session: NULL pam handle passed
Oct 24 15:01:31 hostname sudo: PAM pam_end: NULL pam handle passed



I am seeing these too. Downgrading avoids the noise.

This error comes from libpam itself when called with a NULL argument.
The prototype is:

int pam_set_item(pam_handle_t *pamh, int item_type, const void *item);

Early in the pam routines there is this check:

IF_NO_PAMH("pam_set_item", pamh, PAM_SYSTEM_ERR);

Apparently 'pamh' is NULL. Looks like a usage problem.

Bob



To UNSUBSCRIBE, email to
with a subject of "unsubscribe". Trouble? Contact

Similar topics

Make your own search :