GSSAPIDelegateCredentials fails with a segfault
Darren Tucker
dtucker at zip.com.au
Wed May 2 17:14:44 EST 2007
Simon Wilkinson wrote:
> On 1 May 2007, at 11:23, Johan Andersson wrote:
[...]
BTW only one of "dev" or "lib" is actually needed in the chroot. I think it's
"lib" but I'm not 100% sure.
>> But this raises a new problem: The ticket cache /tmp/krb5cc_xxxxxx is
>> owned by root and not by the user, so klist fails with a "Permission
>> denied". Any idea about this?
>
> This would suggest that the seteuid is failing. The credentials storage
> routine is always called as:
>
> temporarily_use_uid(pw);
> ssh_gssapi_storecreds();
> restore_uid();
>
> I'm not sure why this would be failing without calling fatal(), however,
> unless you're seeing more glibc related damage? Darren?
I can't think of any way that could happen. Maybe if getpwuid() or getpwnam()
returned bogus info, but that would be a pretty unusual failure mode.
Perhaps the debug output from the server (/path/to/sshd -ddd) would provide some
insight as to what the server's actually doing.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list