Author Chinh Nguyen
Recipients Chinh Nguyen
Date 2017-04-17.14:18:15
SpamBayes Score -1.0
Marked as misclassified Yes
Message-id <>
I'm using ctypes to access the PAM library to change a user's password. That is, using the function pam_chauthtok. This is occurring inside a python celery worker in FreeBSD. This will work the first time, the second time generates a segfault and crashes the worker.

On attaching gdb to the worker process, I observe the following:
* Crash occurs in function login_setcryptfmt
* Setting a breakpoint there, I see the following after the first successful password change "warning: Temporarily disabling breakpoints for unloaded shared library "/lib/"
* When there is segfault on the second password change, the location of the segfault cannot be disassemble
* It doesn't look like libcrypt is a direct dependency of libpam.

So it looks like what is happening is this:
* libcrypt is loaded (by python/system?) to invoke some password-related functions, it is then unloaded (by python/system?)
* When the same function is invoked again, somehow libcrypt does not get loaded. This results in a function call to the same function address which is now invalid.

My current work-around is to include libcrypto explicitly by binding to it though I don't use it directly. For example, libcrypt = CDLL(find_library("crypt")).

Other notes:
* This does not occur if I launch celery worker all running in the same process via the celery "green threads" module eventlet
* This only happens if the celery worker is a python child process. I don't know how celery spawns child processes.
Date User Action Args
2017-04-17 14:18:15Chinh Nguyensetrecipients: + Chinh Nguyen
2017-04-17 14:18:15Chinh Nguyensetmessageid: <>
2017-04-17 14:18:15Chinh Nguyenlinkissue30089 messages
2017-04-17 14:18:15Chinh Nguyencreate