[Bug 1249] pam_open_session called with dropped privs

Mon Oct 9 11:48:34 EST 2006

http://bugzilla.mindrot.org/show_bug.cgi?id=1249

           Summary: pam_open_session called with dropped privs
           Product: Portable OpenSSH
           Version: 4.4p1
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: dleonard at vintela.com

pam_open_session() is being called with euid/uid set to the
authenticated user (instead of root)

It seems that do_setusercontext() calls setpcred() early, but
setpcred() has the effect of setting uid/euid to the authenticated
user. This can't be undone, and the subsequent calls to
do_pam_session() are unprivileged.

This is bad for our pam module that creates missing home directories.

Reproduced on oslevels 4330-11, 5100-03, 5200-04

See also: bug 261

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.