Bug report against openssh-2.3.0p1

Charles Jardine cj10 at cam.ac.uk
Fri Mar 2 04:46:22 EST 2001


I am writing to report a bug in openssh-2.3.0p1, and to suggest
a fix.

I have OpenSSH installed on a Solaris 8 box. The output of
uname -a is:

> SunOS dipper.csi.cam.ac.uk 5.8 Generic_108528-06 sun4u sparc SUNW,Ultra-5_10

OpenSSH was configured with the following options:

> ./configure --prefix=/jackdaw --with-default-path=/jackdaw/bin:/usr/bin

On this OS, with this configuration, it uses PAM.

I have a passwordless account. and passwordless login is
permitted, both by 'PASSREQ=NO' in /etc/default/login and
'PermitEmptyPasswords yes' in sshd_config.

The symptom of the bug is that interactive ssh to the
passwordless account fails. The sshd session process takes
a SIGSEGV just after the debugging message 'PAM setting tty to ...'.
I think that the SIGSEGV is inside pam_open_session. Truss
shows that the lastlog file has just been opened for writing.

Non-interactive uses of ssh work.

The cause is that, on this route through the code,
do_pam_account is _not_ called, but do_pam_session is.
This results in pam_open_session being called with PAM_TTY
set but PAM_RHOST not set. (In the non-interactive case,
PAM_TTY is not set either, so the PAM module does not try
to update lastlog, and so does not look at PAM_RHOST).

The SIGSEGV might be regarded as a bug in Sun's code, but the
failure to set PAM_RHOST in the case of a passwordless login
is a bug in OpenSSH.

I have applied the following patch to my copy. It seems to
fix the problem.

*** auth1.c     Thu Mar  1 17:33:31 2001
--- auth1.c.patched     Thu Mar  1 17:33:18 2001
***************
*** 455,461 ****
            (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
  #endif /* KRB4 */
  #ifdef USE_PAM
!           auth_pam_password(pw, "")) {
  #elif defined(HAVE_OSF_SIA)
            (sia_validate_user(NULL, saved_argc, saved_argv,
            get_canonical_hostname(), pw->pw_name, NULL, 0,
--- 455,461 ----
            (!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
  #endif /* KRB4 */
  #ifdef USE_PAM
!           auth_pam_password(pw, "") && do_pam_account(pw->pw_name, NULL)) {
  #elif defined(HAVE_OSF_SIA)
            (sia_validate_user(NULL, saved_argc, saved_argv,
            get_canonical_hostname(), pw->pw_name, NULL, 0,

-- 
Charles Jardine - Computing Service, University of Cambridge
cj10 at cam.ac.uk    Tel: +44 1223 334506, Fax: +44 1223 334679





More information about the openssh-unix-dev mailing list