Segfaults in MIT libkrb5

Fredrik Tolf fredrik at dolda2000.com
Mon Dec 18 17:47:47 EST 2006


On Sun, 2006-12-17 at 00:43 -0500, Theodore Tso wrote:
> On Fri, Dec 15, 2006 at 02:55:02AM +0100, Fredrik Tolf wrote:
> > However, this does seem like a bug, right? As I see it, the fault can be
> > considered to lie with the Kerberos library, in which case it should be
> > fixed. I would guess that the right fix would be using the _fini symbol
> > to unregister the tables again. (However, it seems that the manpage for
> > dlopen, on Linux at least, recommends against that, for reasons that
> > aren't entirely clear to me, but may have to do with that GNU's
> > __attribute__((constructor)) might stop working then.) I don't know how
> > portable that is, though.
> 
> The _fini symbol is being registered as a destructor, so it should be
> getting called when the krb5 library is unloaded.  At least, it is on
> krb5 1.4.4 from Debian unstable.  However, you said that your program
> was linking against krb5 as well, and at least in the past, dynamic
> linkers have not always done the right thing when multiple libraries
> define the same symbol.

Then again, working around bugs in dynlinkers isn't really Kerberos'
job, is it? If people are running systems with buggy dynlinkers,
shouldn't they expect related bugs in programs that use dynamic linking?

I'm pretty sure it shouldn't be a problem on any system which uses PAM,
at least, since the PAM interface is defined around standardized symbol
names (for example, PAM always calls the function identified by the
symbol pam_sm_authenticate to do authentication in a module).

> If you are willing to recompile e2fsprogs (which is the source of the
> system com_err library), please try applying this patch and try
> running your program (without the LD_PRELOAD hack) with the
> environment variable COMERR_DEBUG set to the value 1 and let us know
> what you see.  That should help us see if the remove_error_table is
> getting called, and with what arguments.

Is it really necessary to patch libcom_err? Can't I just attach gdb to
it and have it break on remove_error_table?

Fredrik Tolf
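
The unload problem discussed in this thread, as an added example that is not part of the original message and is not com_err or libkrb5 code: a model of a process-global error-table list and a library that registers into it, showing what stays behind when the destructor does not unregister. All names are hypothetical, and the "library" is a static struct with a `mapped` flag rather than a real dlopen'd object, so the model can be inspected without touching unmapped memory.

```c
/* Model of a process-global error-table list and a library that registers
 * into it. All names are hypothetical; this is not com_err or libkrb5 code. */
#include <stddef.h>
#include <stdlib.h>

struct et_node { const char *const *msgs; long base; int count; struct et_node *next; };
static struct et_node *et_list;        /* owned by the registry, outlives plugins */

static int et_register(const char *const *msgs, long base, int count) {
    struct et_node *n = malloc(sizeof *n);
    if (!n) return -1;
    n->msgs = msgs; n->base = base; n->count = count;
    n->next = et_list; et_list = n;
    return 0;
}

static int et_unregister(const char *const *msgs) {   /* 0 if unlinked, -1 if absent */
    for (struct et_node **pp = &et_list; *pp; pp = &(*pp)->next)
        if ((*pp)->msgs == msgs) {
            struct et_node *dead = *pp;
            *pp = dead->next; free(dead);
            return 0;
        }
    return -1;
}

static const char *et_message(long code) {   /* lookup walks every registered entry */
    for (struct et_node *p = et_list; p; p = p->next)
        if (code >= p->base && code < p->base + p->count)
            return p->msgs[code - p->base];   /* would fault if the owner were unmapped */
    return NULL;
}

/* Stand-in for a dlopen'd library: "mapped" models whether its memory exists. */
static struct { int mapped; const char *msgs[2]; } plugin = { 0, { "ticket expired", "bad realm" } };

static void plugin_load(void) { plugin.mapped = 1; et_register(plugin.msgs, 1000, 2); }
static void plugin_unload(int run_fini) {
    if (run_fini) et_unregister(plugin.msgs);  /* what the destructor has to do */
    plugin.mapped = 0;                         /* dlclose: the memory is gone */
}

static int dangling_entries(void) {   /* list entries that point at unmapped memory */
    int n = 0;
    for (struct et_node *p = et_list; p; p = p->next)
        if (p->msgs == plugin.msgs && !plugin.mapped) n++;
    return n;
}
```

Each load/unload cycle that skips the unregister step adds one more stale entry, so a process that repeatedly loads and unloads such a library accumulates them until some lookup walks into one.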




