Mailing List Archive: [Bug 789] pam_setcred() not being called as root

[Bug 789] pam_setcred() not being called as root

bugzilla-daemon at mindrot

Jan 29, 2004, 8:20 PM

Post #1 of 9 (657 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=789

------- Additional Comments From dtucker@zip.com.au 2004-01-29 21:20 -------
Created an attachment (id=537)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=537&action=view)
Only call pam_setcred a 2nd time when privsep is off

Perhaps we should do something like this? It means that any modules that *do*
rely on the TTY can still run with privsep off.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 789] pam_setcred() not being called as root [ In reply to ]

bugzilla-daemon at mindrot

Feb 5, 2004, 2:57 PM

Post #2 of 9 (651 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=789

djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #537| |ok
Status| |

------- Additional Comments From djm@mindrot.org 2004-02-06 09:57 -------
(From update of attachment 537)
ok

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 789] pam_setcred() not being called as root [ In reply to ]

bugzilla-daemon at mindrot

Feb 5, 2004, 8:32 PM

Post #3 of 9 (650 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=789

dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED

------- Additional Comments From dtucker@zip.com.au 2004-02-06 15:32 -------
Patch id 537 was just committed. Thanks for the report.

- (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root
user, since some modules might fail due to lack of privilege. ok djm@

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 789] pam_setcred() not being called as root [ In reply to ]

bugzilla-daemon at mindrot

Feb 12, 2004, 2:22 PM

Post #4 of 9 (649 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=789

egmont@uhulinux.hu changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |REOPENED
Resolution|FIXED |

------- Additional Comments From egmont@uhulinux.hu 2004-02-13 09:22 -------
Your "official" committed patch works okay for interactive logins, however,
still runs into the same problem if I try to scp a file to the server.

My "this patch works for me" works in both cases.

Hence I'm reopening the bug.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 789] pam_setcred() not being called as root [ In reply to ]

bugzilla-daemon at mindrot

Feb 12, 2004, 6:34 PM

Post #5 of 9 (650 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=789

------- Additional Comments From dtucker@zip.com.au 2004-02-13 13:34 -------
Created an attachment (id=546)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=546&action=view)
Only make setcred call for !use_privsep (non-interactive path).

Looks like the same change is needed for the non-interactive path.

Since there is no PAM_TTY on this path, perhaps the entire #ifdef USE_PAM block
should be removed?

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 789] pam_setcred() not being called as root [ In reply to ]

bugzilla-daemon at mindrot

Feb 12, 2004, 6:41 PM

Post #6 of 9 (649 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=789

dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #546 is|0 |1
obsolete| |

------- Additional Comments From dtucker@zip.com.au 2004-02-13 13:41 -------
Created an attachment (id=547)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=547&action=view)
Only make setcred call for !use_privsep (non-interactive path, corrected)

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 789] pam_setcred() not being called as root [ In reply to ]

bugzilla-daemon at mindrot

Feb 14, 2004, 9:14 PM

Post #7 of 9 (652 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=789

dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
OtherBugsDependingO| |793
nThis| |
Keywords| |patch

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 789] pam_setcred() not being called as root [ In reply to ]

bugzilla-daemon at mindrot

Feb 22, 2004, 8:38 PM

Post #8 of 9 (650 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=789

djm@mindrot.org changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #547| |ok
Status| |

------- Additional Comments From djm@mindrot.org 2004-02-23 15:37 -------
(From update of attachment 547)
OK - assuming that it works

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

[Bug 789] pam_setcred() not being called as root [ In reply to ]

bugzilla-daemon at mindrot

Feb 23, 2004, 5:03 AM

Post #9 of 9 (651 views)

http://bugzilla.mindrot.org/show_bug.cgi?id=789

dtucker@zip.com.au changed:

What |Removed |Added
----------------------------------------------------------------------------
Status|REOPENED |RESOLVED
Resolution| |FIXED

------- Additional Comments From dtucker@zip.com.au 2004-02-24 00:03 -------
Patch #547 committed (it tested OK with pam_group on my RH9 box).

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.