[Bug 1601] Memory leak caused by forwarded GSSAPI credential store

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat May 23 21:52:05 EST 2009


Simon Wilkinson <simon at sxw.org.uk> changed:

           What    |Removed                     |Added
                 CC|                            |simon at sxw.org.uk

--- Comment #1 from Simon Wilkinson <simon at sxw.org.uk>  2009-05-23 21:52:04 ---
As noted on the mailing this, this fix is wrong ...

GSSAPI credentials need to be stored before the PAM stack is invoked
(this also means that the credentials need to be stored in the process
which invokes pam_setcred, and not in the unprivileged child). Also,
credentials need to be stored whether the user is running privsep or
not - this change moves credential storage to a privsep only code path.

An alternative fix, that doesn't move the location of the storecreds()
call, is going to be required. One option would be to dispose of these
structures in the parent as soon as the child is forked (if we're
running privsep), so removing the leak in the parent, and tidying up
the leak in the child in the manner in the attachment.

Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list