sshd, when privilege separation is enabled and a normal user logs in, writes the privileged sshd's pid to the utmp file instead of writing the session leader's (shell) pid. As an effect of this, the w command in Linux shows that the user is currently executing sshd when the user is idle.
Created attachment 802: pass session pid to monitor for login recording. Please try this patch.
The problem was somewhat different than I reported. The `w` command in Linux shows that the user is currently executing sshd when the user has switched to another user using the `su` command. The patch did not solve the problem, but it writes the correct pid. This patch introduces another issue: when the user logged out, it did not clear the wtmp, and we get a "gone - no logout" when the `last` command is executed. System: Fedora Core release 2, Kernel: linux-2.6.5-1.358
This fix (ID=802) fixes one problem in HP-UX. Previously, the logname command didn't work in HP-UX, but now with this fix it is working. However, even after the user logs out, the last command still displays that the user is "still logged in". This happens when privilege separation is enabled.
Created attachment 821: pass session pid to monitor for login recording, record session logout too
Yes, the patch (id=821) works in HP-UX.
Will this patch for login recording and logout be in the next release?
No, the patch has not been committed. I don't think it's quite right either, I think it writes the pid of the unprivileged sshd not the pid of the shell.
I tried passing SIGTERM to the sshd user process after applying the patch (id=821) and it is not cleaning up the wtmp entries. What would be needed in the patch additionally so that the proper pid is passed at the time of cleaning wtmp entries when SIGTERM is received?
What makes the difference between recording the unprivileged sshd process pid and the forked shell pid of this process in either utmp or wtmp, and why should it be like that? On what basis does the getlogin() call work? In the base code, the unprivileged sshd process pid is logged and the getlogin() call fails on HP-UX. But with the patch (id 821) the same unprivileged sshd process pid is logged and the getlogin() call now succeeds. Is there any other information logged that is significant in this regard?
A change for comment #9: with the patch id 821, it logs the same process id 0 for login. As a result, when the user logs out in one session, all the entries related to the user or some other user in wtmp are cleaned for all sessions, even when the users don't log out in other sessions.
Created attachment 916: Patch for logging, clearing shell pid during login and logout. The attached patch logs the shell pid to utmp/wtmp files during login if privilege separation is enabled. It also clears the shell pid from these files during logout with privilege separation enabled. I tested the patch and it works fine. Let me know the comments on the patch.
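Added example, not part of the bug report or of any attached patch: a small wtmp audit that replays login and logout records and flags the symptoms discussed in this thread (a login recorded with pid 0, a session with no logout record, a logout whose pid differs from the login pid). It assumes the Linux glibc `struct utmp` layout of 384 bytes per record and pairs records by `ut_line` only, which is a simplification; all function names and the sample records are constructed for illustration.

```python
import struct

# Assumed layout: Linux glibc `struct utmp`, 384 bytes per record, little-endian.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS, DEAD_PROCESS = 7, 8

def pack(ut_type, pid, line, user, sec):
    """Build one constructed record (sample data only)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(), b"",
                     0, 0, 0, sec, 0, 0, 0, 0, 0, b"")

def text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode()

def parse(blob):
    """Yield (type, pid, line, user, tv_sec) for each whole record in blob."""
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        yield f[0], f[1], text(f[2]), text(f[4]), f[9]

def audit(blob):
    """Replay records in order; return (sessions left open, findings)."""
    open_by_line, findings = {}, []
    for typ, pid, line, user, _sec in parse(blob):
        if typ == USER_PROCESS:
            if pid == 0:
                findings.append(f"{line}: login for {user} recorded with pid 0")
            if line in open_by_line:
                findings.append(f"{line}: new login before logout of pid {open_by_line[line][0]}")
            open_by_line[line] = (pid, user)
        elif typ == DEAD_PROCESS:
            opened = open_by_line.pop(line, None)
            if opened is not None and pid != opened[0]:
                findings.append(f"{line}: logout pid {pid} differs from login pid {opened[0]}")
    return open_by_line, findings

# Constructed wtmp contents: one clean session, one never closed, one logged with pid 0.
SAMPLE = b"".join([
    pack(USER_PROCESS, 4101, "pts/0", "alice", 1000),
    pack(USER_PROCESS, 4210, "pts/1", "bob", 1100),
    pack(USER_PROCESS, 0, "pts/2", "carol", 1200),
    pack(DEAD_PROCESS, 4101, "pts/0", "", 1300),
    pack(DEAD_PROCESS, 4350, "pts/2", "", 1400),
])

if __name__ == "__main__":
    still_open, notes = audit(SAMPLE)
    print("no logout record:", still_open)
    print("\n".join(notes))
```

Sessions returned as still open are the ones for which no logout record was found on the same line; the pid comparison is this example's own heuristic and needs confirming against the platform's login-recording behaviour.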
Is the bug related to this vulnerability: http://secunia.com/advisories/22771/ ? I am new to the Linux platform. I would like to know the steps to reproduce the bug. Thank you.
No, that was a completely unrelated problem.
Hi, does anyone know how to fix this? This was a long time ago. Castro B. http://internetvergelijken.nl