[Bug 926] pam_session_close called as user or not at all

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon May 22 21:39:33 EST 2006


http://bugzilla.mindrot.org/show_bug.cgi?id=926


dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at zip.com.au




------- Comment #14 from dtucker at zip.com.au  2006-05-22 21:39 -------
(In reply to comment #13)
> That wouldn't be a good idea, because even the session modules should
> be able to communicate with the user.

They can communicate but it's one-way only (through Buffer loginmsg). 
This is how it works with privsep=yes (but folks have the option of
setting privsep=no if they need this functionality, which is one reason
I didn't change it in the patch).

> I think the most correct but a little bit bloated approach would be to
> do another fork (in privsep mode it would be in slave before dropping
> privileges) which would be there regardless of privsep setting. That's
> how login, gdm and other such programs work.

I was wondering what login did.  That means that the pam_session_close
gets called by a different pid to the pam_session_open right? 
(although a direct descendant of it).




------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list