Package: libpam-ssh-agent-auth Version: 0.10.2-1.1 Severity: important Tags: upstream
When the file referenced in the SSH_AUTH_SOCK variable is present but
not serviced by an SSH agent, sudo falls back properly to other PAM
methods (eg. password entry), and then fails with
[sudo] password for root:
sudo: unable to change to root gid: Operation not permitted
sudo: unable to send audit message: Operation not permitted
zsh: segmentation fault sudo ls
, and so does su:
Password:
setgid: Operation not permitted
I can not explain how this situation occurs naturally, but it did for me
(before I could debug it in detail), and can easily be reproduced with
$ export SSH_AUTH_SOCK=/tmp/fake
$ touch $SSH_AUTH_SOCK
.
The situation can be worked around by deleting the stale auth sock and
unsetting the environment variable, but this should be drilled down into
by libpam-ssh-agent-auth.
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.7.0-rc1+ (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages libpam-ssh-agent-auth:amd64 depends on:
ii libc6 2.22-9
ii libpam0g 1.1.8-3.2
ii libssl1.0.2 1.0.2h-1
libpam-ssh-agent-auth:amd64 recommends no packages.
libpam-ssh-agent-auth:amd64 suggests no packages.
-- no debconf information
--
To use raw power is to make yourself infinitely vulnerable to greater powers.
-- Bene Gesserit axiom
signature.asc
Description: PGP signature
