krb5-1.8-alpha1 is available

Douglas E. Engert deengert at
Mon Jan 18 11:11:55 EST 2010

Tom Yu wrote:
> "Douglas E. Engert" <deengert at> writes:
>>   The Sun xscreensaver appears to have a bug that overwrites memory.
>>   I have seen this with krb5-1.7 and got around it. It looks like it
>>   is overwriting something different in krb5-1.8 with worse results then
>>   in krb5-1.7. More tests are needed.
> What were the characteristics of the xscreensaver failure with 1.7?

xscreensaver was overwriting the first entry in the et_list allocated
in error_message.c.  This would cause a segfault in the com_err_terminate
when it tried to free the table as the lib was being unloaded. The attached
patch allocated a dummy entry which then got over written, so the lib
would unload, but leaked a dummy entry each time.

I was using the xscreesaver that came with Solaris 10. This is a bear to
debug as it is setuid, loads all of X, PAM and nss libs, it forks a process
to read from the screen and I do not have the source of xscreensaver that
matches the version I was running. I could not pin down what the over write
happened, it was not during Russ's pam_krb5, as I added code in it to
see when the over write occurred.

Since xscreensaver failed differently with krb5-1.8 I expect something
else is getting over written. I have not gone back to see what that might be.

I would expect the Solaris developers will run into something like this
when they test xscreensaver.


  Douglas E. Engert  <DEEngert at>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444

More information about the krbdev mailing list