304729 – sys-auth/pambase[ssh] spawns unwanted instances of ssh-agent with su / sudo

Bug 304729 - sys-auth/pambase[ssh] spawns unwanted instances of ssh-agent with su / sudo

Summary: sys-auth/pambase[ssh] spawns unwanted instances of ssh-agent with su / sudo

Status:	RESOLVED TEST-REQUEST

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	[OLD] Core system (show other bugs)
Hardware:	All Linux

Importance:	High normal with 1 vote (vote)
Assignee:	PAM Gentoo Team (OBSOLETE)

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	490473
	Show dependency tree

Reported:	2010-02-12 15:01 UTC by Tavin Cole
Modified:	2018-09-23 16:44 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tavin Cole 2010-02-12 15:01:55 UTC

try this a few times:

# sudo ls /tmp

and watch the ssh-XXX directories pile up in /tmp.  apparently each sudo invocation spawns an ssh-agent, and somehow they get left behind even though the ssh-agent process is being killed.

now try something like this:

# su -c 'ls /tmp'

and you'll see the ssh-XXX directory created by the spawned ssh-agent, but at least it gets cleaned up properly afterwards.

imho, ssh-agent should not be spawned at all in such cases.  it seems to result from the pam_ssh.so session line in /etc/pam.d/system-auth, which is included by /etc/pam.d/{su,sudo}.

perhaps /etc/pam.d should be cleaned up so that the pam_ssh.so session behavior is not in system-auth but is only present for primary logins e.g. from the console.

Comment 1 Diego Elio Pettenò (RETIRED) gentoo-dev

2010-10-31 16:22:11 UTC

I'll see to work on this for the new pambase, although it gets quite messy, there is space for running this only for interactive logins…

Comment 2 Pacho Ramos gentoo-dev

2018-09-23 16:44:08 UTC

please retry with 20150213-r2