bugzilla-daemon at mindrot.org
2003-Oct-03 15:23 UTC
[Bug 727] sshd built w/o pam support bypasses non-pam authentication code
http://bugzilla.mindrot.org/show_bug.cgi?id=727
Summary: sshd built w/o pam support bypasses non-pam authentication code
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: security
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: sshbugs at nissenhut.com
OpenSSH built without PAM support still gets options.use_pam = 1 set in
servconf.c. This causes code in other modules (e.g. auth.c) intended for
non-PAM sshds to be bypassed.
I noticed this while trying to determine why OpenSSH on Solaris 8 was not
processing expiration dates in /etc/shadow, despite code in
auth.c:allowed_user() intended to do this.
This has some security impact as it causes sshd to permit user logins that
would be prohibited by /bin/login.
Followup to bug #647 refers to this setting of use_pam.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Oct-03 15:37 UTC
[Bug 727] sshd built w/o pam support bypasses non-pam authentication code
http://bugzilla.mindrot.org/show_bug.cgi?id=727
------- Additional Comments From dtucker at zip.com.au 2003-10-04 01:37 -------
This has been fixed in 3.7.1p2: UsePAM now defaults to no, including when built without PAM support.
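A simplified model of the flaw reported in this bug and of the default change described in the reply above, added here as an illustration; it is not OpenSSH source. Every identifier in it (`fill_defaults`, `login_permitted`, the struct fields, the `USE_PAM` macro name) and the day numbers are assumptions constructed for the example.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the reported flaw; NOT OpenSSH source.
 * Every identifier here is hypothetical. USE_PAM is left undefined
 * to model a build without PAM support. */

struct server_options { int use_pam; };                /* -1 = unset */
struct account { const char *name; long expire_day; }; /* -1 = never expires */

#ifdef USE_PAM
static bool pam_account_check(const struct account *a) { (void)a; return true; } /* stub */
#endif

/* Fill the default for an unset option. reported=true models the
 * behaviour in the report (default 1); false models a default of "no". */
static void fill_defaults(struct server_options *o, bool reported)
{
    if (o->use_pam == -1)
        o->use_pam = reported ? 1 : 0;
}

/* Account check: the expiry test is guarded by the runtime option only. */
static bool allowed_user(const struct server_options *o,
                         const struct account *a, long today)
{
#ifdef USE_PAM
    if (o->use_pam)
        return pam_account_check(a);
#endif
    if (!o->use_pam && a->expire_day >= 0 && today >= a->expire_day)
        return false;   /* expired account rejected */
    return true;        /* use_pam=1 without PAM: no expiry check ran */
}

/* Runs the default-filling and the account check for one sample user. */
static bool login_permitted(bool reported, long expire_day, long today)
{
    struct server_options o = { -1 };
    struct account a = { "alice", expire_day };        /* constructed sample */
    fill_defaults(&o, reported);
    return allowed_user(&o, &a, today);
}

int main(void)
{
    long today = 12328, expired = 12000;               /* constructed day numbers */
    printf("default use_pam=1: permitted=%d\n", login_permitted(true, expired, today));
    printf("default use_pam=0: permitted=%d\n", login_permitted(false, expired, today));
    return 0;
}
```

In the model, the expired account is admitted only when the unset option defaults to 1 in a build that has no PAM account stage to take over the check.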
bugzilla-daemon at mindrot.org
2003-Oct-07 06:47 UTC
[Bug 727] sshd built w/o pam support bypasses non-pam authentication code
http://bugzilla.mindrot.org/show_bug.cgi?id=727
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From dtucker at zip.com.au 2003-10-07 16:47 -------
Should have closed this earlier: is fixed in 3.7.1p2.