openssh bugs - Jul 2004 - [Bug 839] Privilege Separation + PAM locks users out

http://bugzilla.mindrot.org/show_bug.cgi?id=839

peak at argo.troja.mff.cuni.cz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |



------- Additional Comments From peak at argo.troja.mff.cuni.cz  2004-07-21
09:20 -------
There is a bug in the patch: waitpid() with ENOHANG can return 0 if the child is
still alive. The corresponding piece of code in sshpam_sigchld_handler() should
look like this one:

+       int res;
...
+       res = waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status,
WNOHANG);
+       if (res == 0 || res == -1) {
+               /* PAM thread has not exitted, privsep slave must have */
+               kill(cleanup_ctxt->pam_thread, SIGTERM);
+               res = waitpid(cleanup_ctxt->pam_thread,
&sshpam_thread_status, 0);
+               if (res == -1)
+                       return; /* could not wait */
+       }




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=839

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED



------- Additional Comments From dtucker at zip.com.au  2004-07-21 16:49 -------
This has already been fixed in -current:

20040711
 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows
   the monitor to properly clean up the PAM thread (Debian bug #252676).




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.