bin/108656: Segfault of sshd for unknown user when privilege
separation is off and PAM is used
Ludovic FLAMENT
ludovic.flament at netasq.com
Thu Feb 1 11:10:32 UTC 2007
>Number: 108656
>Category: bin
>Synopsis: Segfault of sshd for unknown user when privilege separation is off and PAM is used
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Feb 01 11:10:31 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Ludovic FLAMENT
>Release: 6.2-RELEASE
>Organization:
NETASQ
>Environment:
FreeBSD build 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Wed Jan 17 11:24:47 CET 2007 ludovicf at build:/usr/obj/usr/src/sys/SMP i386
>Description:
When we not used separation privilege, and we do a connection with a username that aren't known, sshd segfault
We use PAM, but I don't think that problem is linked on, because when we see my solution to fix this crash, PAM have no impact.
pid 2029 (sshd), uid 0: exited on signal 11 (core dumped)
>How-To-Repeat:
Put this option on sshd_config file
ChallengeResponseAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin yes
UsePrivilegeSeparation no
connect on sshd with an unknwon username
>Fix:
in file /usr/src/crypto/openssh/auth.c
in function fakepw(void)
replace the 2 lines :
fake.pw_uid = privsep_pw->pw_uid;
fake.pw_gid = privsep_pw->pw_gid;
by :
if (use_privsep && (privsep_pw != NULL))
{
fake.pw_uid = privsep_pw->pw_uid;
fake.pw_gid = privsep_pw->pw_gid;
}
else
{
fake.pw_uid = (uid_t)-1;
fake.pw_gid = (gid_t)-1;
}
>Release-Note:
>Audit-Trail:
>Unformatted:
More information about the freebsd-bugs
mailing list