Regarding PAM_TTY_KLUDGE and Solaris 8...
Ed Phillips
ed at UDel.Edu
Thu Oct 25 23:20:37 EST 2001
On Wed, 24 Oct 2001, Darren Moffat wrote:
> Date: Wed, 24 Oct 2001 17:39:19 -0700 (PDT)
> From: Darren Moffat <Darren.Moffat at eng.sun.com>
> To: openssh-unix-dev at mindrot.org
> Subject: Re: Regarding PAM_TTY_KLUDGE and Solaris 8...
>
>
> >Okay, this appears to be a problem with pam_unix.so - the code in
> >pam_sm_open_session is written with the assumption that the tty name is of
> >the form "/dev/" + something else on the end. I'm not sure why the
>
> pam_sm_open_session in pam_unix on Solaris now does this:
>
> /* report error if ttyn or rhost are not set */
> if ((ttyn == NULL) || (rhost == NULL))
> return (PAM_SESSION_ERR);
>
> /* sanity check on size of tty line */
> if (strlen(ttyn) < sizeof("/dev/"))
> return (PAM_SESSION_ERR);
>
> later on it uses everything after the /dev/ as the short name tty to
> write to lastlog.
>
> This was part of the fix for 4250887. The fix will appear in patch
> 111659-03 (sparc) and 111660-03 (intel) when that patch is released.
Hi Darren,
Before the 111659-03 patch comes out, this section of code doesn't have
any of the error checking? What is the target date for this patch
release?
Still I think, in this case, calling pam_open_session() for the
non-interactive case is "wrong" and we should avoid it (especially if we
have to send a bogus tty name just to get it to keep from crashing). The
strange part about the crashing is that PAM_TTY is not set... so I'm not
exactly sure way it crashes because pam_sm_open_session() will return an
error if PAM_TTY is not set. I'll investigate further...
Thanks,
Ed
Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key
More information about the openssh-unix-dev
mailing list