bugzilla-daemon at mindrot.org
2002-Apr-26 10:34 UTC
[Bug 228] New: pam_krb5 on Solaris creates credentials with wrong owner
http://bugzilla.mindrot.org/show_bug.cgi?id=228

Summary: pam_krb5 on Solaris creates credentials with wrong owner
Product: Portable OpenSSH
Version: 3.1p1
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: gunnar at Astrogator.SE

pam_setcred() is called before the UID is set to the user's own, and pam_krb5 on Solaris sets the owner of the /tmp/krb5cc_xxx file to root. The pam_krb5 module should really check this, but it does not, and a simple workaround is to move the setcred call to after the UID setting.

*** session.c-ORG Mon Feb 25 16:48:03 2002 --- session.c Mon Apr 22 03:48:01 2002 *************** *** 1135,1140 **** --- 1135,1145 ---- exit(1); } endgrent(); + # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) + irix_setusercontext(pw); + # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ + /* Permanently switch to the desired uid. */ + permanently_set_uid(pw); # ifdef USE_PAM /* * PAM credentials may take the form of supplementary groups. *************** *** 1143,1153 **** */ do_pam_setcred(0); # endif /* USE_PAM */ - # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) - irix_setusercontext(pw); - # endif /* defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY) */ - /* Permanently switch to the desired uid. */ - permanently_set_uid(pw); #endif } if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) --- 1148,1153 ----

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
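
Review bot: In the first hunk (new lines 1135-1145), permanently_set_uid(pw) now runs before do_pam_setcred(0), which conflicts with the context comment directly below it, "PAM credentials may take the form of supplementary groups". Once the uid has been dropped permanently the process no longer has the privilege to change its group list, so a module that delivers credentials that way, or that otherwise needs root inside pam_setcred(), will fail. I would keep the original order and correct the ownership of the credential cache instead (in pam_krb5, as the report itself suggests, or by a chown to pw->pw_uid after setcred). If the reorder stays, that comment needs rewriting to say why setcred runs unprivileged.

Review bot: The second hunk (old lines 1143-1153) removes irix_setusercontext(pw) and permanently_set_uid(pw) from after do_pam_setcred(0) with no platform or module guard, so the new ordering applies to every USE_PAM build, while the report describes the problem only for pam_krb5 on Solaris. The IRIX context call also changes position relative to PAM without any mention in the report. Please either limit the change to the affected configuration or state in a comment which PAM modules were checked with setcred running after the uid switch.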