[Bug 757] KRB5CCNAME inherited from root's environment under AIX
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Nov 13 10:29:20 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=757
Summary: KRB5CCNAME inherited from root's environment under AIX
Product: Portable OpenSSH
Version: -current
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: minor
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: dopheide at ncsa.uiuc.edu
Under AIX, if you restart sshd as root while you have KRB5CCNAME set in root's
environment (typical after 'ksu'ing), the value of KRB5CCNAME will be inherited
by all connecting clients. The code that causes this inheritance is in
session.c. Darren Tucker on the openssh-unix-dev mailling list thinks this is
due to how AIX's authenticate() function works (seen in auth-passwd.c).
As a result, the correct fix would be to unset KRB5CCNAME from the environment
at the start. Unfortunately, unsetenv() isn't a standard call on AIX systems.
I will attach a patch that fixes this problem.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list