Similar issue in pam_unix was fixed by commit Linux-PAM-0-73~8.

* modules/pam_xauth/pam_xauth.c (run_coprocess): In the parent process, close the read end of input pipe after writing to its write end. --- modules/pam_xauth/pam_xauth.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/pam_xauth/pam_xauth.c b/modules/pam_xauth/pam_xauth.c index 88624b1..2ee1e8f 100644 --- a/modules/pam_xauth/pam_xauth.c +++ b/modules/pam_xauth/pam_xauth.c @@ -178,12 +178,12 @@ run_coprocess(pam_handle_t *pamh, const char *input, char **output, }

/* We're the parent, so close the other ends of the pipes. */ - close(ipipe[0]); close(opipe[1]); /* Send input to the process (if we have any), then send an EOF. */ if (input) { (void)pam_modutil_write(ipipe[1], input, strlen(input)); } + close(ipipe[0]); /* close here to avoid possible SIGPIPE above */ close(ipipe[1]);

/* Read data output until we run out of stuff to read. */