Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: OpenSSH: Bugs

[Bug 1945] Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes

 

 

OpenSSH bugs RSS feed   Index | Next | Previous | View Threaded


bugzilla-daemon at bugzilla

Dec 1, 2011, 4:11 PM

Post #1 of 2 (129 views)
Permalink
[Bug 1945] Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes

https://bugzilla.mindrot.org/show_bug.cgi?id=1945

Damien Miller <djm [at] mindrot> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm [at] mindrot

--- Comment #1 from Damien Miller <djm [at] mindrot> 2011-12-02 11:11:34 EST ---
I don't think the proposed fix is correct - it would allow
sshpam_cleanup() to run with a NULL pam handle and probably SEGV when
it makes its first PAM call.

Perhaps we should relax the !mm_is_monitor() check somehow though.
Maybe we could add a new monitor call to run the PAM cleanup as root?

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs


bugzilla-daemon at bugzilla

Dec 12, 2011, 10:10 PM

Post #2 of 2 (106 views)
Permalink
[Bug 1945] Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes [In reply to]

https://bugzilla.mindrot.org/show_bug.cgi?id=1945

balu9463 [at] gmail changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |balu9463 [at] gmail

--- Comment #2 from balu9463 [at] gmail 2011-12-13 17:10:37 EST ---
Right, I overlooked the Null Pam handle.

Wouldn't relaxing the mm_is_monitor and only checking for privsep work
if (sshpam_handle == NULL && use_privsep)

--
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

OpenSSH bugs RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.