[Bug 789] pam_setcred() not being called as root
bugzilla-daemon at mindrot.org
Fri Jan 16 13:08:52 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=789
------- Additional Comments From djm at mindrot.org 2004-01-16 13:08 -------
IIRC the second call to pam_setcred was to reinitialise supplemental groups
after our initgroups call. Given our privsep'd nature, I'm not sure it makes
sense any more, at least for UsePrivilegeSeparation=yes.

Perhaps the pam_setcred call should happen around the time the unpriv child is
forked and its credentials established? But who knows what else that would break
- the PAM stuff is so poorly specified and thus fragile. (That's why I recommend
it only as a last resort.)

What is wrong with simply handing groups via /etc/groups?