occasional segfaults from a pam module written in go


Peter Moody

Oct 21, 2015, 7:56:38 PM
to golang-nuts
Howdy go-gurus:

I'm trying to write a pam module in go [1] using and I'm getting hard to debug, *occasional* segfaults that seem to be related to the go pam library. 

I know it's a longshot, but I was hoping someone here might have a "well duh!" moment and tell me what obvious thing I'm missing.

I have a main.go of

$ cat main.go
package main
//#include <security/pam_appl.h>
//#cgo LDFLAGS: -lpam
//#cgo CFLAGS: -fPIC -DPIC
import "C"

//export pam_sm_authenticate
func pam_sm_authenticate(pamh *C.pam_handle_t, flags, argc int, argv **C.char) int {
  return 0
}

func main() {}

I'm building this with:

$ go build -buildmode=c-shared -o test_pam.so main.go

When I actually go to use that module (e.g., with sudo), sudo succeeds, but segfaults every 3rd run or so, e.g.:

$ sudo -k ; sudo ls &>/dev/null
$ sudo -k ; sudo ls &>/dev/null
$ sudo -k ; sudo ls &>/dev/null # sudo ls succeeds here, but I get a segfault before returning to the shell
Segmentation fault (core dumped)

The core file isn't super helpful, but dmesg tells me that the segfault was actually libaudit. The reason I'm thinking that it has to do with go is because if I have a main.go of

$ cat main.go
package main
//export Authenticate
func Authenticate() int {
  return 0
}

func main() {}

and a pam_test.c of 

$ cat pam_test.c
#include <security/pam_appl.h>
#include "test_pam.h"
int pam_sm_authenticate(pam_handle_t *pamh, int flags, int argc, const char **argv) {
  //return Authenticate()
  return 0;
}

*that* only segfaults (again, occasionally) if I call the go module. If I just return 0, everything is fine.

Anyway like I said, I know this is a long shot, but does anyone have any idea what might be going on? I've tried mucking with the GC, with MAXPROCS (the randomness made me think it was a race condition ..), etc, all to no effect.

Cheers,
peter

[1] I'm writing a replacement for pam-ssh-agent-auth that can authenticate against ssh certificates.

Matt Harden

Oct 21, 2015, 9:10:03 PM
to Peter Moody, golang-nuts
I don't think I would write a PAM module using Go. PAM modules get loaded into many different programs and I think the Go runtime may not play well in all those environments. I'm thinking of things like Go's signal handling, garbage collection and use of threads. You might have better luck by using gccgo instead of gc; I think that integrates better with C programs.
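
Added example, not part of the thread and not code from either poster: a Linux-only Go helper that reads /proc/<pid>/status to show the process-wide state the reply above points at, namely the number of OS threads and the set of signals that have a handler installed. Footprint, Caught and ParseStatus are names made up for this example.

```go
package main

import (
	"bufio"
	"fmt"
	"os"
	"strconv"
	"strings"
	"syscall"
)

// Footprint is the process-wide state read from /proc/<pid>/status (Linux).
type Footprint struct {
	Threads int    // OS threads in the process
	SigCgt  uint64 // signals with a handler installed; bit n-1 is signal n
}

// Caught reports whether the process has a handler installed for sig.
func (f Footprint) Caught(sig syscall.Signal) bool {
	return sig >= 1 && sig <= 64 && f.SigCgt&(uint64(1)<<uint(sig-1)) != 0
}

// ParseStatus pulls the Threads and SigCgt fields out of a status file.
func ParseStatus(status string) (f Footprint, err error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() && err == nil {
		key, val, _ := strings.Cut(sc.Text(), ":")
		switch val = strings.TrimSpace(val); key {
		case "Threads":
			f.Threads, err = strconv.Atoi(val)
		case "SigCgt":
			f.SigCgt, err = strconv.ParseUint(val, 16, 64)
		}
	}
	if err == nil && f.Threads == 0 {
		err = fmt.Errorf("status: no Threads field found")
	}
	return f, err
}

func main() {
	// This process, Go runtime included. On a read failure b is empty
	// and ParseStatus returns the "no Threads field" error.
	b, _ := os.ReadFile("/proc/self/status")
	f, err := ParseStatus(string(b))
	fmt.Println(f.Threads, f.Caught(syscall.SIGSEGV), f.Caught(syscall.SIGCHLD), err)
}
```

Feeding ParseStatus the status file of a host process before and after it loads the module shows which threads and signal handlers arrived with the Go runtime.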
