Possible security flaw in OpenSSH and/or pam_krb5
Nicolas Williams
Nicolas.Williams at sun.com
Sat Jun 11 00:39:01 EST 2005
On Thu, Jun 09, 2005 at 10:58:06PM -0500, Nicolas Williams wrote:
> On Fri, Jun 10, 2005 at 12:58:36PM +1000, Darren Tucker wrote:
> > Nicolas Williams wrote:
> > [...]
> > >As for the conversation function issue you have, I've advised the
> > >OpenSSH team before on how to handle the matter, namely: nest the
> > >dispatch_run() event loop. That is how Solaris 10's sshd does it, no
> > >fork(), no threads. There was one tricky issue: unwinding the stack on
> > >keyboard-interactive userauth abandonment, but it was not that tricky.
> >
> > If you mean calling the event loop from within the conversation function
> > then OpenSSH used to do something like that (as far back as 2.5x which I
> > believe SunSSH was originally based on). It predates my involvement
> > though, so I can't comment on what issues it had. I suspect that
> > privsep makes it much trickier. djm may wish to comment on this.
BTW, Solaris 10's SUNWssh is based on OpenSSH 3.5*, Solaris 9's is based
on OpenSSH 2.5*. And the dispatch_run() loop nesting idea did originate
with OpenSSH.
Nico
--