Bug#439058: GSSAPICleanupCredentials doesn't work for root

To: submit@bugs.debian.org
Subject: Bug#439058: GSSAPICleanupCredentials doesn't work for root
From: Tim Abbott <tabbott@MIT.EDU>
Date: Tue, 21 Aug 2007 17:39:24 -0400 (EDT)
Message-id: <[🔎] Pine.LNX.4.64L.0708182045520.23102@mega-man.mit.edu>
Reply-to: Tim Abbott <tabbott@MIT.EDU>, 439058@bugs.debian.org

Package: openssh-server
Version: 4.3p2-9
Severity: important

GSSAPICleanupCredentials is not deleting Kerberos tickets created if oneforwards credentials (using GSSAPIDelegate Credentials) to root.

Further investigation reveals that the GSSAPI client store's filenamefield is being overwritten with 0 sometime between being set ingss-serv-krb5.c and being checked during cleanup in gss-serv.c.

The behavior of overwriting data structures with 0s seems very similar toa bug I reported a year ago in ssh-krb5 3.8.1 on sarge:


#372680: ssh-krb5: pam_close_session is not being called

While #372680 does not seem to be a general problem in ssh 4.3p2-9, I donotice that pam_close_session is also not being called for root in4.3p2-9.


	-Tim Abbott

Reply to:

Prev by Date: Bug#73611: +CAN YOU HELP ME WITH THIS +
Next by Date: Bug#439661: openssh-server: Don't complain if IPv4 listening is handled by IPv6
Previous by thread: Bug#73611: +CAN YOU HELP ME WITH THIS +
Next by thread: Bug#439661: openssh-server: Don't complain if IPv4 listening is handled by IPv6
Index(es):
- Date
- Thread