Regarding PAM_TTY_KLUDGE and Solaris 8...

Ed Phillips ed at UDel.Edu
Thu Oct 25 23:20:37 EST 2001

On Wed, 24 Oct 2001, Darren Moffat wrote:

> Date: Wed, 24 Oct 2001 17:39:19 -0700 (PDT)
> From: Darren Moffat <Darren.Moffat at>
> To: openssh-unix-dev at
> Subject: Re: Regarding PAM_TTY_KLUDGE and Solaris 8...
> >Okay, this appears to be a problem with - the code in
> >pam_sm_open_session is written with the assumption that the tty name is of
> >the form "/dev/" + something else on the end.  I'm not sure why the
> pam_sm_open_session in pam_unix on Solaris now does this:
>         /* report error if ttyn or rhost are not set */
>         if ((ttyn == NULL) || (rhost == NULL))
>                 return (PAM_SESSION_ERR);
>         /* sanity check on size of tty line */
>         if (strlen(ttyn) < sizeof("/dev/"))
>                 return (PAM_SESSION_ERR);
> later on it uses everything after the /dev/ as the short name tty to
> write to lastlog.
> This was part of the fix for 4250887. The fix will appear in patch
> 111659-03 (sparc) and 111660-03 (intel) when that patch is released.

Hi Darren,

Before the 111659-03 patch comes out, this section of code doesn't have
any of the error checking?  What is the target date for this patch

Still I think, in this case, calling pam_open_session() for the
non-interactive case is "wrong" and we should avoid it (especially if we
have to send a bogus tty name just to get it to keep from crashing).  The
strange part about the crashing is that PAM_TTY is not set... so I'm not
exactly sure way it crashes because pam_sm_open_session() will return an
error if PAM_TTY is not set.  I'll investigate further...



Ed Phillips <ed at> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at for PGP public key

More information about the openssh-unix-dev mailing list