[Bug 1322] pam_end() is not called if authentication fails, which breaks pam-abl

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Mon Jun 18 10:07:57 EST 2007


http://bugzilla.mindrot.org/show_bug.cgi?id=1322


Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org




--- Comment #2 from Damien Miller <djm at mindrot.org>  2007-06-18 10:07:54 ---
DO NOT apply the patch in the Debian bug. It will expose your system to
the signal handler vulnerability fixed in openssh-4.4

This is the "difficult to fix" SIGALRM handler. We could make
sshpam_cleanup() fire if do_cleanup was not called in signal context,
but that would just open a different workaround for password guessers:
make max_auth_tries-1 guesses and keep the connection open until it
times out. 


-- 
Configure bugmail: http://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list