Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 6191 - su: Segmentation fault
Summary: su: Segmentation fault
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: pam
Version: 6.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Cristian Gafton
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 1999-10-21 17:31 UTC by vadim
Modified: 2008-05-01 15:37 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2000-02-05 22:13:27 UTC

Attachments (Terms of Use)

Description vadim 1999-10-21 17:31:14 UTC
Redhat 6.1 standart configuration from CD, (ISO from

PC: Intel Pentium III 450 MHz, 256 RAM, SCSI hard drive, S3
TrioV2 video adapter.

When run as normal user "su" - receive "Segmentation fault"

Comment 1 vadim 1999-10-22 08:56:59 UTC
problem only with certain types telnet programs.
RedHat 5.2, Slackware 4.0 - such problems have not.

Comment 2 Tomasz Kepczynski 1999-12-21 08:12:59 UTC
I have seen very similar problem but for root user. 'su' command without '-'
(like for example 'su news') ends up with segmentation fault (but I wasn't able
to produce core dump even with unlimited coredumpsize). 'su - news' works
'su' itself from normal user account prompts for password and works fine.
This bug causes segfault from '/etc/cron.daily/slrnpull-expire'.
The problem shows itself when logged on console and from kdm. I haven't tried
remote logins nor gdm.

Comment 3 Tomasz Kepczynski 2000-01-13 19:58:59 UTC
The problem seems to be related to pam_xauth module and probably should be
solved there. To reproduce a fault you need two things: be logged as root and
have empty DISPLAY variable (so that getenv("DISPLAY") returns empty string,
not NULL). Then try su anybody and thats it.
I suppose the problem lies in pam_xauth.c at line 484 when you try to
free the pointer returned by getenv. I am quite sure you can't do that (but
man page doesn't say a word about it).
pam is pam 0.68-7

Comment 4 Nalin Dahyabhai 2000-02-05 22:13:59 UTC hit it exactly.  This will be fixed in pam-0.72-6 and later in
Raw Hide and future releases.

Note You need to log in before you can comment on or make changes to this bug.