[Bug 926] pam_session_close called as user or not at all

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Sun Aug 20 15:58:13 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=926


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
OtherBugsDependingO|1155                        |
              nThis|                            |




------- Comment #22 from dtucker at zip.com.au  2006-08-20 15:58 -------
(In reply to comment #21)
> The patch causes a regression with pam_krb5 module.
> See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201341

Thanks for giving it a spin in Fedora.  Does this particular problem
also occur with PrivSep=no?

> As I said above I think that the only correct solution which would
> solve all cases (privsep yes/no, root/regular user) would be to add
> another fork before the setuid calls and shell process exec.

Would there be any downside to setting KRB5CCNAME in the parent too?

(since it causes a regression, I'm taking this bug out of the list for
4.4 pending further work.)




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the openssh-bugs mailing list