[Bug 926] pam_session_close called as user or not at all

bugzilla-daemon bugzilla-daemon
Sat Aug 5 01:19:00 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=926





------- Comment #21 from t8m at centrum.cz  2006-08-05 01:18 -------
The patch causes a regression with pam_krb5 module.

See https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=201341

As I said above I think that the only correct solution which would
solve all cases (privsep yes/no, root/regular user) would be to add
another fork before the setuid calls and shell process exec.

login does this:
1. call pam_open_session
2. fork
3. parent waits for child, child impersonates user, execs shell
4. when child exits, parent calls pam_close_session




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.


More information about the openssh-bugs mailing list