openssh bugs - Dec 2007 - [Bug 926] pam_session_close called as user or not at all

https://bugzilla.mindrot.org/show_bug.cgi?id=926


Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |1353




--- Comment #27 from Darren Tucker <dtucker at zip.com.au>  2008-01-01
02:05:40 ---
Patch #1216 looks reasonable, targeting 4.8.

My concern is that the PAM coverage is a bit like a too-small blanket,
and pulling it one way to cover a particular case uncovers another case
that was previously working.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.

https://bugzilla.mindrot.org/show_bug.cgi?id=926





--- Comment #28 from Tomas Mraz <t8m at centrum.cz>  2008-01-02 21:10:01
---
The patch is now included in Fedora and RHEL5 for some time without any
bug reports caused by it so I think it should be safe to include it.
But of course you're right that there is a potential for regressions
especially when some configurations were adjusted for the current
(wrong)  implementation.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.

https://bugzilla.mindrot.org/show_bug.cgi?id=926





--- Comment #29 from Darren Tucker <dtucker at zip.com.au>  2008-01-02
23:57:35 ---
(In reply to comment #28)
> The patch is now included in Fedora and RHEL5 for some time without any
> bug reports caused by it so I think it should be safe to include it.
That certainly helps, but the caveat is that LinuxPAM is one of three
families of PAM implementations (that I know of), all of which have
their various quirks (and also differences between platforms that
nominally use the same code base).

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.

https://bugzilla.mindrot.org/show_bug.cgi?id=926


Oliver Leonhardt <oliver.leonhardt at eds.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |oliver.leonhardt at eds.com




--- Comment #30 from Oliver Leonhardt <oliver.leonhardt at eds.com> 
2008-01-24 20:08:26 ---
I've compiled 4.7p1 and SNAP-20080122 and observed that the PAM session
was not closed when I exited the session.

I was looking for a solution and found this bug report.

I've applied the patch provided above and after that the PAM session
was closed correctly.

The system was openSUSE 10.3 with PAM 0.99.8.1-15.
UsePrivilegeSeparation was yes. User was root.

I would like to know whether the inclusion of this patch is being
considered or not. If yes, when will it be released?

Thank you very much.

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
You are watching someone on the CC list of the bug.
You are watching the reporter.