Bug 643

Summary: sshd bus faults (64bit) or segfaults (32bit) when reading /etc/default/login
Product: Portable OpenSSH
Reporter: Darren Tucker <dtucker>
Component: sshd
Assignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED
Severity: critical
Priority: P1
Version: -current
Hardware: UltraSPARC
OS: Solaris
Attachments:
Description                              Flags
Fix size_t -> u_int                      none
Check for missing /etc/default/login     none

Description Darren Tucker 2003-09-17 10:13:56 AEST
This can be worked around by commenting out the line in config.h that contains 
"HAVE_ETC_DEFAULT_LOGIN" and recompiling.
Comment 1 Darren Tucker 2003-09-17 10:23:53 AEST
Created attachment 402
Fix size_t -> u_int
Comment 2 Darren Tucker 2003-09-17 23:35:32 AEST
Created attachment 410
Check for missing /etc/default/login

Test for NULL pointer deref when /etc/default/login does not exist.
Patch from Georg Oppenberg (georg.oppenberg at deu mci com)
Comment 3 Andreas Kuntzagk 2003-09-18 19:08:30 AEST
While the workaround is fine if you know at compile time that
/etc/default/login does not exist or is not readable, it creates problems if this
is changed at a later time.

E.g. using the TITAN system hardening scripts sets this to non-user-readable.
Login to sshd will silently fail without an explanation.
Had a hard time figuring out the cause of this.
Comment 4 Darren Tucker 2003-09-18 19:44:21 AEST
Agreed about the work-around, but attachment id #410 seems to solve it properly
for me (tested Solaris 8, sun4m, unreadable and missing file).  If
/etc/default/login is not readable by the user, you won't get the settings in
it, though.
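
The failure mode discussed in comments 2 to 4, as an added C example that is not part of this bug thread and is not OpenSSH's code: a reader for a KEY=VALUE defaults file that treats a missing or unreadable file as a reported fallback instead of using a result that was never set. The names `defaults_get`, `login_path` and `write_sample`, the fallback value and the sample file contents are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not OpenSSH code. Copies KEY's value from a KEY=VALUE
 * file into out: 0 if found, 1 if absent, -1 if the file cannot be opened. */
int defaults_get(const char *file, const char *key, char *out, size_t outlen)
{
    char line[1024];
    size_t klen = strlen(key);
    int rc = 1;
    FILE *f = fopen(file, "r");
    if (f == NULL) return -1;           /* missing or unreadable file */
    while (fgets(line, sizeof(line), f) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';
        if (strncmp(line, key, klen) == 0 && line[klen] == '=') {
            snprintf(out, outlen, "%s", line + klen + 1);
            rc = 0;                     /* last assignment wins */
        }
    }
    fclose(f);
    return rc;
}

/* Caller: log a failed open and fall back to an assumed built-in default. */
const char *login_path(const char *file, char *buf, size_t buflen)
{
    int rc = defaults_get(file, "PATH", buf, buflen);
    if (rc == -1)
        perror(file);
    if (rc != 0)
        snprintf(buf, buflen, "%s", "/usr/bin:/bin");
    return buf;
}

int write_sample(const char *file)      /* constructed sample input */
{
    FILE *f = fopen(file, "w");
    if (f == NULL) return -1;
    fputs("# constructed sample\nPATH=/opt/bin:/usr/bin\nTIMEOUT=300\n", f);
    return fclose(f);
}

int main(void)
{
    char b[256];
    write_sample("login.sample");
    puts(login_path("login.sample", b, sizeof(b)));   /* value from the file */
    puts(login_path("login.missing", b, sizeof(b)));  /* built-in fallback */
    return 0;
}
```

The `perror` call addresses the point raised in comment 3: when a hardening script later makes the file unreadable, the reason for the fallback appears in the log rather than the login failing without explanation.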
Comment 5 Darren Tucker 2003-09-19 20:57:53 AEST
Have committed patch to both HEAD and 3.7 branch.
Comment 6 Damien Miller 2004-04-14 12:24:19 AEST
Mass change of RESOLVED bugs to CLOSED