OpenSSH 3.4p1 hostbased auth - howto?
Tony Finch
dot at dotat.at
Thu Jul 25 01:26:42 EST 2002
On Wed, Jul 24, 2002 at 03:53:50PM +0200, Markus Friedl wrote:
> > This is the problem. It's a manifestation of the bug I reported a month
> > ago on this list with the subject "privilege separation breaks dns lookups".
> > There is a patch but it hasn't been committed.
>
> but there should be no DNS lookups in the unprivileged code...
This is on FreeBSD-4.6-STABLE using the openssh-portable port (which is
3.4p1) The backtrace of the offending DNS lookup is
#0 0x8061450 in get_remote_hostname (socket=5, verify_reverse_mapping=0) at canohost.c:81
#1 0x8061714 in get_canonical_hostname (verify_reverse_mapping=0) at canohost.c:194
#2 0x8050021 in input_userauth_request (type=50, seq=5, ctxt=0x80990c0) at auth2.c:147
#3 0x8067fcf in dispatch_run (mode=0, done=0x80990c0, ctxt=0x80990c0) at dispatch.c:93
#4 0x804fef8 in do_authentication2 () at auth2.c:96
#5 0x804e365 in main (ac=4, av=0xbfbffab0) at sshd.c:1507
The call to get_canonical_hostname in input_userauth_request is part of
the FreeBSD patch set, so I'll report the bug to them.
Tony.
--
f.a.n.finch <dot at dotat.at> http://dotat.at/
FISHER GERMAN BIGHT: WEST OR NORTHWEST 5 OR 6, BUT 7 IN NORTHEAST FISHER AT
FIRST, DECREASING 4 IN SOUTHWEST FISHER AND IN GERMAN BIGHT. SHOWERS. GOOD.
More information about the openssh-unix-dev
mailing list