[Bug 789] pam_setcred() not being called as root
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Thu Jan 15 10:02:39 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=789
Summary: pam_setcred() not being called as root
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: egmont at uhulinux.hu
In openssh-3.7.1p2/auth-pam.c, line 589, where pam_setcred() is called, both
real and effective user ID's are already switched to normal user.
However, they should be root here.
This causes a problem when trying to use pam_group.so module. This module is
supposed to grant membership to some additional groups, however, as it fails
to do so, it reports an error to sshd and hence sshd refuses the login.
/etc/pam.d/ssh is a symlink to system-auth which is used by many utilities on
my system, none of them has problem with pam_group except openssh. If I remove
the "auth required /lib/security/pam_group.so" line then sshd works as I expect.
A debug printf put into pam_group also clearly shows that unlike openssh, other
system utilities (at least login, gdm, kdm) have uid=euid=0 here.
OpenSSH 3.7.1p2, Linux-PAM 0.77, quite up-to-date system in other respects
(e.g. gcc 3.3.2, glibc 2.3.2, Linux kernel 2.4.24).
And, of course, sshd_conf contains "UsePAM yes".
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list