[Bug 839] Privilege Separation + PAM locks users out

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jul 21 09:20:57 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=839

peak at argo.troja.mff.cuni.cz changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |



------- Additional Comments From peak at argo.troja.mff.cuni.cz  2004-07-21 09:20 -------
There is a bug in the patch: waitpid() with ENOHANG can return 0 if the child is
still alive. The corresponding piece of code in sshpam_sigchld_handler() should
look like this one:

+       int res;
...
+       res = waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, WNOHANG);
+       if (res == 0 || res == -1) {
+               /* PAM thread has not exitted, privsep slave must have */
+               kill(cleanup_ctxt->pam_thread, SIGTERM);
+               res = waitpid(cleanup_ctxt->pam_thread, &sshpam_thread_status, 0);
+               if (res == -1)
+                       return; /* could not wait */
+       }




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list