[Bug 789] pam_setcred() not being called as root

bugzilla-daemon at mindrot.org
Thu Jan 15 10:02:39 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=789

           Summary: pam_setcred() not being called as root
           Product: Portable OpenSSH
           Version: 3.7.1p2
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: PAM support
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: egmont at uhulinux.hu


In openssh-3.7.1p2/auth-pam.c, line 589, where pam_setcred() is called, both
real and effective user IDs are already switched to the normal user.
However, they should be root here.

This causes a problem when trying to use the pam_group.so module. This module is
supposed to grant membership to some additional groups; however, as it fails
to do so, it reports an error to sshd and hence sshd refuses the login.

/etc/pam.d/ssh is a symlink to system-auth, which is used by many utilities on
my system; none of them has a problem with pam_group except openssh. If I remove
the "auth required /lib/security/pam_group.so" line then sshd works as I expect.
A debug printf put into pam_group also clearly shows that unlike openssh, other
system utilities (at least login, gdm, kdm) have uid=euid=0 here.

OpenSSH 3.7.1p2, Linux-PAM 0.77, quite up-to-date system in other respects
(e.g. gcc 3.3.2, glibc 2.3.2, Linux kernel 2.4.24).
And, of course, sshd_conf contains "UsePAM yes".



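The failure mode in this report, as an added illustration that is not OpenSSH or Linux-PAM code: on Linux, extending the supplementary group list goes through setgroups(2), which requires CAP_SETGID, so it fails with EPERM once the caller has switched to an ordinary uid. The function names and the use of id 65534 as the unprivileged account are assumptions made for this example.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* exposes setgroups(2) in <grp.h> */
#endif
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

#define UNPRIV_ID 65534            /* assumption: "nobody"; any non-zero id works */

/* Append one gid to the supplementary group list, as a group-granting
 * module has to. Returns 0 on success, else the errno of the failing call. */
static int try_add_group(gid_t extra)
{
    gid_t groups[256];
    int n = getgroups(255, groups);
    if (n < 0)
        return errno;
    groups[n] = extra;
    return setgroups((size_t)n + 1, groups) == 0 ? 0 : errno;
}

/* Run the group change in a child that is unprivileged (dropping root first
 * if necessary), i.e. after the uid switch. Returns the child's errno,
 * 0 on success, or -1 if the child could not be set up. */
int add_group_after_uid_switch(void)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (geteuid() == 0 && (setgid(UNPRIV_ID) != 0 || setuid(UNPRIV_ID) != 0))
            _exit(255);            /* could not drop privileges */
        _exit(try_add_group(UNPRIV_ID));
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status) || WEXITSTATUS(status) == 255)
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    int e = add_group_after_uid_switch();
    printf("setgroups() after uid switch: %s\n",
           e == 0 ? "succeeded" : e < 0 ? "not tested" : strerror(e));
    return 0;
}
```

The same call made while uid and euid are still 0, before any switch to the target user, is the case in which the group change can succeed.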