passwd/unix_chkpwd fails with PAM 1.6.0 and linux-hardened kernel

Question

passwd/unix_chkpwd fails with PAM 1.6.0 and linux-hardened kernel

Opened this issue 9 months ago · 1 comments

Hi,

I originally created this issue in PAM, see https://github.com/linux-pam/linux-pam/issues/768. But they pointed out that this might be possibly caused by the restricted access to unix_chkpwd when using the hardened kernel. So I was hoping that maybe you guys could help me to figure it out. :)

I am using Arch Linux with the latest linux-hardened kernel.

Since pam 1.6.0, I get the following error when running passwd as root:

[root@archlinux ~]# uname -a 
Linux archlinux 6.7.4-hardened1-1-hardened #1 SMP PREEMPT_DYNAMIC Tue, 13 Feb 2024 19:05:48 +0000 x86_64 GNU/Linux
[root@archlinux ~]# pacman -Q | grep -w pam
pam 1.6.0-4
[root@archlinux ~]# passwd
passwd: Authentication failure
passwd: password unchanged

Non-root users are not affected. Downgrading to PAM 1.5.3 solves the issue. Also this does not occur when using the stock linux kernel.

I attached the strace output here for further analysis.

Would be grateful for any help :)

Answer 1 · 2024-03-27T06:57:40.000Z

Can be closed, see https://gitlab.archlinux.org/archlinux/packaging/packages/linux-hardened/-/issues/5