[Bug 969] early setpcred() stomps on PAM

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jan 5 13:08:32 EST 2005


http://bugzilla.mindrot.org/show_bug.cgi?id=969

           Summary: early setpcred() stomps on PAM
           Product: Portable OpenSSH
           Version: 3.9p1
          Platform: All
        OS/Version: AIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: dleonard at vintela.com


The early call to setpcred() in do_setusercontext() seems to drop the euid to
the user's uid on AIX5.1. This stops the future call to initgroups() from
working if setpcred() doesn't get the supplementary group list right. Which it
doesn't with PAM.

The symptoms are a 'successful' login, but the session exits immediately, with
sshd logging "initgroups: Permission denied".

setpcred() must still be called at some stage to correctly set up the process
rlimits and auditing class. I found that moving it to the end of
do_setusercontext() works.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list