[Bug 1388] New: Parts of auth2-pubkey.c are completely devoid of debug logging
    bugzilla-daemon at bugzilla.mindrot.org 
    Sun Nov  4 11:42:14 EST 2007
  
https://bugzilla.mindrot.org/show_bug.cgi?id=1388
           Summary: Parts of auth2-pubkey.c are completely devoid of debug
                    logging
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 4.7p1
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: bitbucket at mindrot.org
        ReportedBy: mvolaski at aecom.yu.edu
Consider this small section of code from the user_key_allowed2 function
in auth2-pubkey.c:

        /* Fail quietly if file does not exist */
        if (stat(file, &st) < 0) {
                /* Restore the privileged uid. */
                restore_uid();
                return 0;
        }
        /* Open the file containing the authorized keys. */
        f = fopen(file, "r");
        if (!f) {
                /* Restore the privileged uid. */
                restore_uid();
                return 0;
        }
Fail quietly? Why? And what about debugging? Someone trying to figure
out why authentication has failed is merely left with a statement from
later in the code sequence that just says the "key was disallowed".
That's not helpful, for it's not technically true.
(I haven't explored other sections of code, but in general, I think any
return statement in the middle of a function that is a failure of that
function should probably have an explanatory debug statement at some
level associated with it.)
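
An added example, not part of the original report and not OpenSSH code: the same stat()/fopen() sequence as the quoted snippet, with each early return recording a reason the caller can log at debug level. The function, enum and path names are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical names throughout; none of this is OpenSSH code. */
enum keyfile_result { KEYFILE_OK, KEYFILE_MISSING, KEYFILE_STAT_ERR, KEYFILE_OPEN_ERR };

/*
 * Same stat()/fopen() sequence as the quoted snippet, but every early
 * return records why it failed, so the caller can log the real cause.
 */
enum keyfile_result
open_keyfile_explained(const char *file, FILE **fp, char *why, size_t len)
{
    struct stat st;
    *fp = NULL;
    why[0] = '\0';
    if (stat(file, &st) < 0) {
        if (errno == ENOENT) {
            snprintf(why, len, "%s does not exist", file);
            return KEYFILE_MISSING;
        }
        snprintf(why, len, "cannot stat %s: %s", file, strerror(errno));
        return KEYFILE_STAT_ERR;
    }
    *fp = fopen(file, "r");
    if (*fp == NULL) {
        snprintf(why, len, "cannot open %s: %s", file, strerror(errno));
        return KEYFILE_OPEN_ERR;
    }
    return KEYFILE_OK;
}

int main(int argc, char **argv)
{
    /* Constructed sample path; pass a real one as the first argument. */
    const char *file = argc > 1 ? argv[1] : "/nonexistent/authorized_keys";
    char why[512];
    FILE *f;
    enum keyfile_result r = open_keyfile_explained(file, &f, why, sizeof why);
    if (r != KEYFILE_OK) {
        fprintf(stderr, "debug: %s\n", why);
        return 1;
    }
    fclose(f);
    return 0;
}
```

The reason string is meant for the server's debug log only; the client still sees an ordinary authentication failure.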