Serious Bug Report: OpenSSH
Damien Miller
djm at mindrot.org
Wed Dec 8 08:42:54 EST 1999
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Tue, 7 Dec 1999, Ben Taylor wrote:
> On Tue, 7 Dec 1999, Damien Miller wrote:
>
> Actually, while debugging another problem, I realized that the
> do_pam_accounting_and_session was getting called multiple times
> until the authorization finally succeeded. Since I'm in the middle
> of a work around for the PAM bug in Solaris, and have split functionality
> for do_pam_account and do_pam_session, I was able to move the code
> to call do_pam_account into the segment [ if (authenticated) { return; } ]
> around line 1277 in sshd.c. The effect is that do_pam_account is called
> only after the user has been authenticated.
Yes, this is exactly what I did in 1.2pre16.
> I've got patches for Solaris in the works to use PTMX, utmpx instead of
> utmp, and a fix to the PAM library to prevent the segfault. It all
> works and I'm in the middle of cleaning up the patch. Solaris for
> some reason ends up printing MOTD twice, but I think I can just
> turn off MOTD in the config file.
1.2pre16 detects and uses PTMX, can you test this?
utmpx support would be nice.
Thanks,
Damien
- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE4TX9kormJ9RG1dI8RAt5FAJ9CynT0xrvzdIt22+MEqm2Wvo7ofwCgtJll
TUBgjmuq9mtLTgPtQ6vfXrA=
=iLg7
-----END PGP SIGNATURE-----
More information about the openssh-unix-dev
mailing list