| Summary: | Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes | ||
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | balu9463 |
| Component: | PAM support | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | NEW --- | ||
| Severity: | normal | CC: | balu9463, djm |
| Priority: | P2 | ||
| Version: | 5.8p1 | ||
| Hardware: | All | ||
| OS: | HP-UX | ||
I don't think the proposed fix is correct - it would allow sshpam_cleanup() to run with a NULL pam handle and probably SEGV when it makes its first PAM call. Perhaps we should relax the !mm_is_monitor() check somehow though. Maybe we could add a new monitor call to run the PAM cleanup as root?

Right, I overlooked the NULL PAM handle.

Wouldn't relaxing the mm_is_monitor and only checking for privsep work?

```
if (sshpam_handle == NULL && use_privsep)
```
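The guard variants discussed in this report, modelled as an added example (not OpenSSH code and not written by the commenters): it classifies what each condition does in every reachable combination of NULL handle, privsep and monitor. The struct, enum and function names are assumptions, and `v_split` is a hypothetical shape for the "new monitor call" idea.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model only: field and function names are assumptions, not OpenSSH code. */
struct st { bool handle_null, use_privsep, is_monitor; };

enum outcome { NOOP, MISSED, RUN, NULL_CALL, DELEGATE };

/* Classify what follows a guard that returns early when `early` is true. */
static enum outcome classify(bool early, struct st s)
{
    if (early)
        return s.handle_null ? NOOP : MISSED;  /* MISSED: live handle, no cleanup */
    return s.handle_null ? NULL_CALL : RUN;    /* NULL_CALL: PAM reached with NULL */
}

enum outcome v_current(struct st s)   /* the "<" line in the report */
{ return classify(s.handle_null || (s.use_privsep && !s.is_monitor), s); }

enum outcome v_proposed(struct st s)  /* the ">" line in the report */
{ return classify(s.handle_null && (s.use_privsep && !s.is_monitor), s); }

enum outcome v_followup(struct st s)  /* the condition from the follow-up comment */
{ return classify(s.handle_null && s.use_privsep, s); }

/* Hypothetical: NULL check kept separate, unprivileged child hands off to the monitor. */
enum outcome v_split(struct st s)
{
    if (s.handle_null) return NOOP;
    if (s.use_privsep && !s.is_monitor) return DELEGATE;
    return RUN;
}

/* Reachable states; assumes a monitor exists only when privsep is on. */
static const struct st STATES[] = {
    {false, false, false}, {false, true, false}, {false, true, true},
    {true,  false, false}, {true,  true, false}, {true,  true, true},
};

int count(enum outcome (*v)(struct st), enum outcome want)
{
    int n = 0;
    for (size_t i = 0; i < sizeof STATES / sizeof STATES[0]; i++)
        n += (v(STATES[i]) == want);
    return n;
}

int main(void)
{
    printf("current:  missed=%d null_call=%d\n", count(v_current, MISSED), count(v_current, NULL_CALL));
    printf("proposed: missed=%d null_call=%d\n", count(v_proposed, MISSED), count(v_proposed, NULL_CALL));
    printf("followup: missed=%d null_call=%d\n", count(v_followup, MISSED), count(v_followup, NULL_CALL));
    printf("split:    missed=%d null_call=%d\n", count(v_split, MISSED), count(v_split, NULL_CALL));
    return 0;
}
```

The `MISSED` state under the current guard is the unprivileged privsep process holding a live handle; both `&&` variants trade it for states where a NULL handle passes the guard.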
This is my first bug report, request you to correct me if necessary.

For a non-root user, when ChallengeResponse is used with PAM_Kerberos and UsePrivilegeSeparation=yes, sshd creates two credential files in /tmp, and at the end of the session only one is removed.

```
$ ssh system1
.
.
$ ps -ef | grep ssh
root 170 1 0 14:01:58 ? 0:00 /opt/ssh/sbin/sshd
test 245 243 0 14:03:41 ? 0:00 sshd: test@pts/0
test 242 225 0 14:03:39 pts/tb 0:00 ssh system1
root 243 170 0 14:03:39 ? 0:02 sshd: test [priv]
$ ll /tmp/krb5cc*
-rw------- 1 test users 416 Oct 20 14:03 /tmp/krb5cc_170_243
-rw------- 1 test users 416 Oct 20 14:03 /tmp/krb5cc_243_245
```

Env KRB5CCNAME is set to KRB5CCNAME=FILE:/tmp/krb5cc_243_245

On closing the session, the cache file corresponding to the nonpriv process is not removed.

```
$ ll /tmp/krb5cc*
-rw------- 1 test users 416 Oct 20 14:03 /tmp/krb5cc_243_245
```

I have tested this on hpux but believe the same behaviour occurs on other OSes as well.

Probable fix is to change the condition in sshpam_cleanup(void)/auth-pam.c

```
< if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
---
> if (sshpam_handle == NULL && (use_privsep && !mm_is_monitor()))
```
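Review bot: In the `>` line, replacing `||` with `&&` means `sshpam_handle == NULL` no longer causes an early return by itself. The guard now fires only when the handle is NULL and the caller is the unprivileged privsep process, so a NULL handle in any other caller falls through to the code after the guard. Keep the NULL test as its own early return (`if (sshpam_handle == NULL) return;`) and change only the `use_privsep && !mm_is_monitor()` part, which is the condition that makes the unprivileged process skip cleanup.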