[Bug 637] ssh records that the user has logged out even though an sftp session is active

bugzilla-daemon at mindrot.org
Mon Sep 15 05:42:17 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=637





------- Additional Comments From micah at cs.swt.edu  2003-09-15 05:42 -------
I looked at creating a patch for the current version, but I ran into problems
with "privilege separation", i.e. setuid().  I noticed that you fork several
times to handle user logons, especially when using privilege separation, which
makes it a bit more confusing.

The change is located in "session.c", where you have two functions to handle the
user:

  void do_exec_pty(Session *s, const char *command)  
  void do_exec_no_pty(Session *s, const char *command)

and the only difference is that "do_exec_pty" calls "do_login", which calls
"record_login" in "sshlogin.c", because "do_exec_pty" handles shell invocations.
The logon (writing to the wtmp file) only occurs if privilege separation is not
used, so it's a bit confusing.

So the obvious fix to the naive developer, me, is to add "do_login" to the
"do_exec_no_pty" function to handle all subsystem invocations, but this doesn't
work if privilege separation is used because the executing process is running as
the user who was authenticated and not root.

Any ideas?

FYI, executing "sftp -s /usr/libexec/sftp-server <host>" goes through
"do_exec_no_pty" just like all subsystem commands so it would be logged too...







More information about the openssh-bugs mailing list