ports/72339: ssh.com port startup script needs to invoke 'env -i' before calling up sshd.

Peter Losher Peter_Losher at isc.org
Mon Oct 4 23:30:27 UTC 2004


>Number:         72339
>Category:       ports
>Synopsis:       ssh.com port startup script needs to invoke 'env -i' before calling up sshd.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 04 23:30:21 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Peter Losher
>Release:        5.3-BETA3
>Organization:
ISC
>Environment:
FreeBSD tardis.isc.org 5.3-BETA3 FreeBSD 5.3-BETA3 #10: Sun Sep  5 21:25:58 PDT 2004     plosher at tardis.isc.org:/usr/obj/usr/src/sys/CONSOLE  i386
 
>Description:
For those of us running the ssh.com port with Krb5 support, we need 'env -i' invoked before sshd so that it doesn't inherit a KRB5CCNAME environment variable from the shell.  Not doing this causes problems with the ticket cache which is an issue with ksu, among other things.  In fact sshd shouldn't inherit any environment variables, imo.
>How-To-Repeat:
Run a system w/ MIT Kerberos & ssh.com's ssh2 from /usr/ports w/ Kerberos support enabled, and have more than two people try and ksu on the same system and you will get a 'Error in permissions opening credenials cache'.
>Fix:
Enclosed is a patch for the startup script so that it calls 'env -i' before calling sshd.

-=-
--- sshd2.sh.orig       Thu Sep  9 20:48:53 2004
+++ sshd2.sh    Thu Sep  9 20:49:01 2004
@@ -35,7 +35,7 @@
 case "$1" in
   start)
        # Start daemons.
-       ${SBINDIR}/sshd2 2> /dev/null
+       env -i ${SBINDIR}/sshd2 2> /dev/null
        echo -n ' sshd2'
        ;;
   stop)
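Review bot: On the added line, `env -i` is resolved through whatever PATH the script was started with and hands sshd2 a completely empty environment, PATH included. Consider calling it by absolute path and passing the few variables the daemon should have explicitly, for example `/usr/bin/env -i PATH=/sbin:/bin:/usr/sbin:/usr/bin ${SBINDIR}/sshd2 2> /dev/null`. Since stderr still goes to /dev/null, a failed `env` lookup or a failed sshd2 start is silent and `echo -n ' sshd2'` prints regardless, so checking the exit status before the echo would be worth adding.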
-=-
>Release-Note:
>Audit-Trail:
>Unformatted:
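The inheritance problem described in this report can be checked before a startup script is deployed. The following is an added example, not part of the original report or of the port: it runs a launcher prefix with a probe in place of the daemon and lists every variable the daemon would receive beyond an allowlist. The names `ALLOWED`, `probe_env` and `leaked_vars` and the ticket cache path are constructed for illustration.

```shell
#!/bin/sh
# Variables the daemon may receive. PWD, OLDPWD, SHLVL and _ are set by the
# probe shell itself; the list is an assumption made for this example.
ALLOWED="PATH PWD OLDPWD SHLVL _"

# probe_env [LAUNCHER...]
# Run the launcher prefix with a probe where the daemon would go and print
# the names of the variables the probe sees, one per line.
probe_env() {
    "$@" sh -c 'env' |
        sed -n 's/^\([A-Za-z_][A-Za-z0-9_]*\)=.*/\1/p' | sort -u
}

# leaked_vars [LAUNCHER...]
# Print the variable names that reach the daemon but are not in ALLOWED.
leaked_vars() {
    probe_env "$@" | while read -r name; do
        case " $ALLOWED " in
            *" $name "*) ;;                   # expected, ignore
            *) printf '%s\n' "$name" ;;       # inherited from the caller
        esac
    done
}

# Constructed stand-in for the admin shell that restarts the daemon while
# holding a Kerberos ticket cache.
KRB5CCNAME=FILE:/tmp/krb5cc_constructed
export KRB5CCNAME

echo "bare start leaks:"
leaked_vars | sed 's/^/  /'

echo "env -i start leaks:"
leaked_vars env -i PATH=/sbin:/bin:/usr/sbin:/usr/bin | sed 's/^/  /'
```
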