Testing Call

[Hank Leininger]

On 2002-07-17, Ben Lindstrom <mouring at etoh.eviladmin.org> wrote:

> If people could test snapshots (http://www.openssh.org/portable.html,
> pick your favorate mirror and select snapshots directory) and report
> failures it would be useful.
[snip]
> I'm looking mostly for privsep issues.  If you have a platform that has
> an issue with privsep and you are part of the main portable tree (uwin
> and cray are excluded at this moment) it needs to be discussed or
> you'll be suffering for another 4+ months.

Per bug 325[1] reported by jfm at bitfactor.com on 2002-06-29 and echoed by 
me 2002-07-12, 'PermitRootLogin forced-commands-only' is broken when
privsep is enabled (at least on Linux 2.2.x/glibc 2.[12], but that does  
not seem to matter).  From my report:

...it appears that when auth2.c:userauth_finish is called,
forced_command has been cleared (or perhaps, never set in that forked
sshd) so the call to auth_root_allowed(method) returns 0.

I included a "dumb but makes the problem go away" patch in the report. 
I've just tested 2002-07-19's snapshot, and forced root commands are still
refused when 'PermitRootLogin forced-commands-only' is set.

> Lastly, I'd like to thank all of you for bearing with us during the last
> few months.  I'm sure it is was frustrating to you as it is for us.=)

Thank YOU and the rest of the team for putting up with all us cranky users
over the last few months. :-P

[1] http://bugzilla.mindrot.org/show_bug.cgi?id=325

--
Hank Leininger <hlein at progressive-comp.com>