From nobody@FreeBSD.org Thu Feb 1 11:09:00 2007 Return-Path: Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A5F8116A401 for ; Thu, 1 Feb 2007 11:09:00 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (www.freebsd.org [69.147.83.33]) by mx1.freebsd.org (Postfix) with ESMTP id 945B213C4B9 for ; Thu, 1 Feb 2007 11:09:00 +0000 (UTC) (envelope-from nobody@FreeBSD.org) Received: from www.freebsd.org (localhost [127.0.0.1]) by www.freebsd.org (8.13.1/8.13.1) with ESMTP id l11B90Gs023744 for ; Thu, 1 Feb 2007 11:09:00 GMT (envelope-from nobody@www.freebsd.org) Received: (from nobody@localhost) by www.freebsd.org (8.13.1/8.13.1/Submit) id l11B90lK023743; Thu, 1 Feb 2007 11:09:00 GMT (envelope-from nobody) Message-Id: <200702011109.l11B90lK023743@www.freebsd.org> Date: Thu, 1 Feb 2007 11:09:00 GMT From: Ludovic FLAMENT To: freebsd-gnats-submit@FreeBSD.org Subject: Segfault of sshd for unknown user when privilege separation is off and PAM is used X-Send-Pr-Version: www-3.0 >Number: 108656 >Category: bin >Synopsis: [patch] Segfault of sshd(8) for unknown user when privilege separation is off and PAM is used >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: closed >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Thu Feb 01 11:10:31 GMT 2007 >Closed-Date: Thu Jul 23 15:57:31 UTC 2009 >Last-Modified: Thu Jul 23 15:57:31 UTC 2009 >Originator: Ludovic FLAMENT >Release: 6.2-RELEASE >Organization: NETASQ >Environment: FreeBSD build 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Wed Jan 17 11:24:47 CET 2007 ludovicf@build:/usr/obj/usr/src/sys/SMP i386 >Description: When we not used separation privilege, and we do a connection with a username that aren't known, sshd segfault We use PAM, but I don't think that problem is linked on, because when we see my solution to fix this crash, PAM have no impact. pid 2029 (sshd), uid 0: exited on signal 11 (core dumped) >How-To-Repeat: Put this option on sshd_config file ChallengeResponseAuthentication yes PasswordAuthentication no PermitEmptyPasswords no PermitRootLogin yes UsePrivilegeSeparation no connect on sshd with an unknwon username >Fix: in file /usr/src/crypto/openssh/auth.c in function fakepw(void) replace the 2 lines : fake.pw_uid = privsep_pw->pw_uid; fake.pw_gid = privsep_pw->pw_gid; by : if (use_privsep && (privsep_pw != NULL)) { fake.pw_uid = privsep_pw->pw_uid; fake.pw_gid = privsep_pw->pw_gid; } else { fake.pw_uid = (uid_t)-1; fake.pw_gid = (gid_t)-1; } >Release-Note: >Audit-Trail: State-Changed-From-To: open->closed State-Changed-By: vanhu State-Changed-When: Thu Jul 23 15:53:51 UTC 2009 State-Changed-Why: Fixed by des@ in commit 181111, MFCed to RELENG/7 http://www.freebsd.org/cgi/query-pr.cgi?pr=108656 >Unformatted: