Segfaults in MIT libkrb5

Fredrik Tolf fredrik at dolda2000.com
Thu Dec 14 20:55:02 EST 2006


On Fri, 2006-12-15 at 00:32 +0100, Fredrik Tolf wrote:
> On Thu, 2006-12-14 at 17:36 -0500, Ken Raeburn wrote:
> >  If  
> > the PAM library does dlopen and dlclose on loaded modules, there may  
> > also be some kind of problem in that area.
> 
> Indeed, that may be the closest I've come to the truth so far, since it
> could agree with the fact that _et_list only appears to contain valid
> list entries, but unmapped tables. I've have to look at that more
> closely.

It almost certainly seems to be the case -- I verified with strace that
libkrb4.so and libdes425.so are loaded and unloaded each time PAM runs.
I have now tried starting the program with LD_PRELOAD on those two
libraries, and have verified that they are no longer mapped and unmapped
each time. Time will tell if the segfaults will continue, but I would
guess not. I'd be very surprised if the reason is elsewhere.

However, this does seem like a bug, right? As I see it, the fault can be
considered to lie with the Kerberos library, in which case it should be
fixed. I would guess that the right fix would be using the _fini symbol
to unregister the tables again. (However, it seems that the manpage for
dlopen, on Linux at least, recommends against that, for reasons that
aren't entirely clear to me, but may have to do with that GNU's
__attribute__((constructor)) might stop working then.) I don't know how
portable that is, though.

Fredrik Tolf





More information about the Kerberos mailing list