bugzilla-daemon at bugzilla.mindrot.org
2007-Nov-04 00:42 UTC
[Bug 1388] New: Parts of auth2-pubkey. c are completely devoid of debug logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1388 Summary: Parts of auth2-pubkey.c are completely devoid of debug logging Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: mvolaski at aecom.yu.edu Consider this small section of code from the user_key_allowed2 function in auth2-pubkey.c /* Fail quietly if file does not exist */ if (stat(file, &st) < 0) { /* Restore the privileged uid. */ restore_uid(); return 0; } /* Open the file containing the authorized keys. */ f = fopen(file, "r"); if (!f) { /* Restore the privileged uid. */ restore_uid(); return 0; } Fail quietly? Why? And what about debugging? Someone trying to figure out why authentication has failed is merely left with a statement from later in the code sequence that just says the "key was disallowed". That's not helpful, for it's not technically true. (I haven't explored other sections of code, but in general, I think any return statement in the middle of function is a failure of that function should probably have an explanatory debug statement at some level associated with it.) -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jun-28 14:13 UTC
[Bug 1388] Parts of auth2-pubkey.c are completely devoid of debug logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1388 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |WONTFIX CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> 2008-06-29 00:13:10 --- think about it: if the file does not exist, then there are no authorised keys. This is not an error, and doesn't warrant logspam, even at debug levels. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jun-28 22:44 UTC
[Bug 1388] Parts of auth2-pubkey.c are completely devoid of debug logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1388 mvolaski at aecom.yu.edu changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|WONTFIX | Severity|enhancement |normal --- Comment #2 from mvolaski at aecom.yu.edu 2008-06-29 08:44:14 --- After all this time we're waiting for a fix and you're just blowing it off? It doesn't even look like you read my report. Please hand it off to someone else if you don't feel so inclined. By your own backward logic, how does a nonexistent key get reported as being disallowed? -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jun-29 00:01 UTC
[Bug 1388] Parts of auth2-pubkey.c are completely devoid of debug logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1388 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|REOPENED |RESOLVED Resolution| |WONTFIX --- Comment #3 from Damien Miller <djm at mindrot.org> 2008-06-29 10:00:58 --- Sorry, but I don't agree that there is any condition worth reporting here. You don't need debug output to figure out that a file that is critical to public key authentication is missing. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jun-29 00:42 UTC
[Bug 1388] Parts of auth2-pubkey.c are completely devoid of debug logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1388 --- Comment #4 from mvolaski at aecom.yu.edu 2008-06-29 10:42:12 --- Yeah, it took me the better part of a day to figure out that the message, "key is disallowed" really means the key file is missing. Perhaps users in the future who get similarly stymied will find this page on Google. They surely can't depend on your nicely informative debug logs to help them. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2008-Jul-22 02:20 UTC
[Bug 1388] Parts of auth2-pubkey.c are completely devoid of debug logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1388 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #5 from Damien Miller <djm at mindrot.org> 2008-07-22 12:20:22 --- Mass update RESOLVED->CLOSED after release of openssh-5.1 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- [Bug 467] iptables is complaining with bogus unknown error 18446744073709551615
- [Bug 468] There is no real documentation for knowing how to configure the kernel for iptables
- Any word on when the ietf mib will be fixed for liebert?
- Filesystem won't mount because of "unsupported optional features (80)"
- auth2-pubkey.c - change an error message