bugzilla-daemon at mindrot.org
2006-Oct-09 01:48 UTC
[Bug 1249] pam_open_session called with dropped privs
http://bugzilla.mindrot.org/show_bug.cgi?id=1249

Summary: pam_open_session called with dropped privs
Product: Portable OpenSSH
Version: 4.4p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: dleonard at vintela.com

pam_open_session() is being called with euid/uid set to the authenticated user (instead of root)

It seems that do_setusercontext() calls setpcred() early, but setpcred() has the effect of setting uid/euid to the authenticated user. This can't be undone, and the subsequent calls to do_pam_session() are unprivileged.

This is bad for our pam module that creates missing home directories.

Reproduced on oslevels 4330-11, 5100-03, 5200-04

See also: bug 261

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-Oct-09 01:51 UTC
[Bug 1249] pam_open_session called with dropped privs
http://bugzilla.mindrot.org/show_bug.cgi?id=1249

------- Comment #1 from dleonard at vintela.com 2006-10-09 11:51 -------
(In reply to comment #0)
> Reproduced on oslevels 4330-11, 5100-03, 5200-04

clarification: the 4330-11 refers to my instrumenting of the setpcred call; no pam was involved on aix4.3.3
bugzilla-daemon at mindrot.org
2006-Oct-09 01:54 UTC
[Bug 1249] pam_open_session called with dropped privs
http://bugzilla.mindrot.org/show_bug.cgi?id=1249

------- Comment #2 from dtucker at zip.com.au 2006-10-09 11:54 -------
FWIW I think the right way to deal with this is via the same method proposed in bug #926: move the PAM session open/close into the monitor.

(That is not without its own issues as you can see from the bug, but if we can get those sorted then I think it's the best long-term solution).
bugzilla-daemon at mindrot.org
2006-Oct-09 03:01 UTC
[Bug 1249] pam_open_session called with dropped privs
http://bugzilla.mindrot.org/show_bug.cgi?id=1249

------- Comment #3 from dleonard at vintela.com 2006-10-09 13:00 -------
Created an attachment (id=1200)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1200&action=view)
move setpcred() to just before permanently_set_uid()

moving setpcred till later works for me. (see also: bug 969)
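
The ordering problem discussed in this thread, as an added example that is not part of the bug report, the attachment, or OpenSSH's code: a POSIX model that runs a root-requiring session hook either after or before an irreversible uid switch. Assumptions: setuid() stands in for the credential switch the report attributes to setpcred(), and `DEMO_UID`, `session_hook_has_root()` and `hook_privileged()` are hypothetical names.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define DEMO_UID 65534 /* assumption: an unprivileged uid ("nobody" on many systems) */

/* Hypothetical stand-in for a session hook that needs root (e.g. creating a home dir). */
static int session_hook_has_root(void) { return getuid() == 0 && geteuid() == 0; }

/* Runs one ordering in a child process.
 * Returns 1 if the hook ran as root, 0 if it ran unprivileged,
 * -1 if the demo cannot run here (not root, or fork/setuid failed),
 * -2 if root was still recoverable after the drop. */
int hook_privileged(int drop_first)
{
    int status, ran_as_root;
    pid_t pid;
    if (geteuid() != 0 || getuid() != 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_first && setuid(DEMO_UID) != 0)   /* reported order: drop, then hook */
            _exit(2);
        ran_as_root = session_hook_has_root();
        if (!drop_first && setuid(DEMO_UID) != 0)  /* proposed order: hook, then drop */
            _exit(2);
        if (seteuid(0) == 0)                       /* the drop must be irreversible */
            _exit(3);
        _exit(ran_as_root ? 1 : 0);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    switch (WEXITSTATUS(status)) {
    case 0: return 0;
    case 1: return 1;
    case 3: return -2;
    default: return -1;
    }
}

int main(void)
{
    printf("drop before hook: %d\n", hook_privileged(1));
    printf("hook before drop: %d\n", hook_privileged(0));
    return 0;
}
```

Run as root, the first line prints 0 and the second prints 1; without root both print -1 because the switch cannot be exercised.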