bugzilla-daemon at mindrot.org
2003-Nov-12  23:29 UTC
[Bug 757] KRB5CCNAME inherited from root's environment under AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=757
           Summary: KRB5CCNAME inherited from root's environment under AIX
           Product: Portable OpenSSH
           Version: -current
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: minor
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: dopheide at ncsa.uiuc.edu
Under AIX, if you restart sshd as root while you have KRB5CCNAME set in
root's environment (typical after 'ksu'ing), the value of KRB5CCNAME will
be inherited by all connecting clients.  The code that causes this
inheritance is in session.c. Darren Tucker on the openssh-unix-dev mailing
list thinks this is due to how AIX's authenticate() function works (seen in
auth-passwd.c).
As a result, the correct fix would be to unset KRB5CCNAME from the
environment at the start.  Unfortunately, unsetenv() isn't a standard call
on AIX systems.
I will attach a patch that fixes this problem.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-Nov-12  23:30 UTC
[Bug 757] KRB5CCNAME inherited from root's environment under AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=757
------- Additional Comments From dopheide at ncsa.uiuc.edu  2003-11-12 16:30 -------
Created an attachment (id=497)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=497&action=view)
unsets KRB5CCNAME at the beginning of main() in sshd.c
bugzilla-daemon at mindrot.org
2003-Nov-13  05:43 UTC
[Bug 757] KRB5CCNAME inherited from root's environment under AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=757
dtucker at zip.com.au changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #497 is|0                           |1
           obsolete|                            |
------- Additional Comments From dtucker at zip.com.au  2003-11-12 22:43 -------
Created an attachment (id=498)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=498&action=view)
Add unsetenv() to openbsd-compat
This bit:  strncmp(*curenv, krbccenv, strlen(krbccenv)) == 0
will match env variables longer than 10 chars where the first 10 are
"KRB5CCNAME".
AIX 5.2, at least, has an unsetenv(), so I think we should use it where
possible, and add one to openbsd-compat for versions that don't have it.