[Bug 1249] pam_open_session called with dropped privs
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Oct 9 11:48:34 EST 2006
http://bugzilla.mindrot.org/show_bug.cgi?id=1249
Summary: pam_open_session called with dropped privs
Product: Portable OpenSSH
Version: 4.4p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: dleonard at vintela.com
pam_open_session() is being called with euid/uid set to the
authenticated user (instead of root)
It seems that do_setusercontext() calls setpcred() early, but
setpcred() has the effect of setting uid/euid to the authenticated
user. This can't be undone, and the subsequent calls to
do_pam_session() are unprivileged.
This is bad for our pam module that creates missing home directories.
Reproduced on oslevels 4330-11, 5100-03, 5200-04
See also: bug 261
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list