Mailing List Archive

[Bug 980] sshd does not write the session leader pid to utmp when priv-separation is enabled
http://bugzilla.mindrot.org/show_bug.cgi?id=980

Summary: sshd does not write the session leader pid to utmp when
priv-separation is enabled
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: logsnaath@gmx.net


sshd, when privilege separation is enabled and when a normal user logs in, writes
the privileged sshd's pid to the utmp file instead of writing the session leader's
(shell) pid. As an effect of this, the w command in Linux shows that the user is
currently executing sshd, when the user is idle.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

------- Additional Comments From dtucker@zip.com.au 2005-02-04 00:22 -------
Created an attachment (id=802)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=802&action=view)
pass session pid to monitor for login recording

Please try this patch.




------- Additional Comments From logsnaath@gmx.net 2005-02-04 23:38 -------
The problem was somewhat different than I reported. The `w` command in Linux
shows that the user is currently executing sshd, when the user is switched to
another user using the `su` command. The patch did not solve the problem. But it
writes the correct pid. This patch introduces another issue: when the user
logged out, it did not clear the wtmp and we get a "gone - no logout" when the
`last` command is executed.

system: Fedora Core release 2
Kernel : linux-2.6.5-1.358




------- Additional Comments From senthilkumar_sen@hotpop.com 2005-02-09 15:38 -------
This fix (ID=802) fixes one problem in hpux. Previously, the logname command
didn't work in hpux, but now with this fix it is working. However, even after
the user logs out, the last command still displays that the user is "still
logged in". This happens when privilege separation is enabled.





dtucker@zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #802 is|0                           |1
           obsolete|                            |




------- Additional Comments From dtucker@zip.com.au 2005-02-12 20:57 -------
Created an attachment (id=821)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=821&action=view)
pass session pid to monitor for login recording, record session logout too





------- Additional Comments From senthilkumar_sen@hotpop.com 2005-02-15 00:19 -------
Yes, the patch (id=821) works in hpux.





senthilkumar_sen@hotpop.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |senthilkumar_sen@hotpop.com




------- Additional Comments From senthilkumar_sen@hotpop.com 2005-02-24 19:56 -------
Will this patch for login recording and logout be in the next release?




------- Additional Comments From dtucker@zip.com.au 2005-02-25 10:23 -------
No, the patch has not been committed. I don't think it's quite right either, I
think it writes the pid of the unprivileged sshd not the pid of the shell.



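An added example, not part of the bug thread or of OpenSSH: a Python check for the symptom reported above, where a login record in wtmp never gets a matching logout record and `last` shows "still logged in" or "gone - no logout". It assumes the 384-byte Linux/glibc x86-64 `struct utmp` layout; the helper names and the sample records are constructed for illustration.

```python
import struct

# Assumed layout: Linux/glibc x86-64 struct utmp (384 bytes). Other platforms differ.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values for login and logout records


def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse(buf):
    """Yield (ut_type, ut_pid, ut_line, ut_user, tv_sec) per complete record."""
    for off in range(0, len(buf) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(buf, off)
        yield f[0], f[1], cstr(f[2]), cstr(f[4]), f[9]


def unclosed_logins(buf):
    """Return logins that never got a DEAD_PROCESS record on the same line."""
    open_by_line, unclosed = {}, []
    for typ, pid, line, user, ts in parse(buf):
        if typ == USER_PROCESS:
            if line in open_by_line:  # line reused with no logout in between
                unclosed.append(open_by_line[line])
            open_by_line[line] = (user, line, pid, ts)
        elif typ == DEAD_PROCESS:
            open_by_line.pop(line, None)
    return unclosed + list(open_by_line.values())


def rec(typ, pid, line, user, ts):
    """Build one constructed record (sample data, not from a real host)."""
    return UTMP.pack(typ, pid, line.encode(), b"", user.encode(), b"",
                     0, 0, 0, ts, 0, 0, 0, 0, 0, b"")


# Constructed wtmp contents: alice logs in and out, bob's logout is never written.
SAMPLE = b"".join([
    rec(USER_PROCESS, 4101, "pts/0", "alice", 1000),
    rec(DEAD_PROCESS, 4101, "pts/0", "", 1600),
    rec(USER_PROCESS, 4230, "pts/1", "bob", 2000),
])

if __name__ == "__main__":
    for user, line, pid, ts in unclosed_logins(SAMPLE):
        print(f"{user} on {line}: login pid {pid} at {ts} has no logout record")
```

The reported `ut_pid` can then be compared with the process list to see whether it names the shell or an sshd process, which is the distinction this bug is about.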