krb5-1.8-alpha1 is available
Douglas E. Engert
deengert at anl.gov
Mon Jan 18 11:11:55 EST 2010
Tom Yu wrote:
> "Douglas E. Engert" <deengert at anl.gov> writes:
>> The Sun xscreensaver appears to have a bug that overwrites memory.
>> I have seen this with krb5-1.7 and got around it. It looks like it
>> is overwriting something different in krb5-1.8 with worse results then
>> in krb5-1.7. More tests are needed.
> What were the characteristics of the xscreensaver failure with 1.7?
xscreensaver was overwriting the first entry in the et_list allocated
in error_message.c. This would cause a segfault in the com_err_terminate
when it tried to free the table as the lib was being unloaded. The attached
patch allocated a dummy entry which then got over written, so the lib
would unload, but leaked a dummy entry each time.
I was using the xscreesaver that came with Solaris 10. This is a bear to
debug as it is setuid, loads all of X, PAM and nss libs, it forks a process
to read from the screen and I do not have the source of xscreensaver that
matches the version I was running. I could not pin down what the over write
happened, it was not during Russ's pam_krb5, as I added code in it to
see when the over write occurred.
Since xscreensaver failed differently with krb5-1.8 I expect something
else is getting over written. I have not gone back to see what that might be.
I would expect the Solaris developers will run into something like this
when they test xscreensaver.
Douglas E. Engert <DEEngert at anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
More information about the krbdev