Bug 384603 - sys-auth/pam_ssh-1.97-r2 (and r3) forgets to set gids in session start
Status: VERIFIED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: Normal normal
Assignee: PAM Gentoo Team (OBSOLETE)
Reported: 2011-09-27 06:09 UTC by Alexander E. Patrakov
Modified: 2013-11-10 12:52 UTC
Description Alexander E. Patrakov 2011-09-27 06:09:41 UTC
This is a copy-paste from https://bugzilla.novell.com/show_bug.cgi?id=665061 :


Before ssh-agent is started as user, pam_ssh does not
set the gid/grouplist. Therefore ssh-agent runs with gid 0.


Gentoo currently does not carry their patch, and the issue reported there can be demonstrated to exist in Gentoo, too.

Reproducible: Always

Steps to Reproduce:
1. emerge pambase with the pam_ssh USE flag
2. login as yourself, using your ssh key passphrase
3. ls -ld /proc/`pidof ssh-agent`
Actual Results:  
dr-xr-xr-x 7 aep root 0 Сен 27 12:09 /proc/9794


Expected Results:  
dr-xr-xr-x 7 aep aep 0 Сен 27 12:09 /proc/9794


aep@aep-desktop ~ $ cat /etc/pam.d/system-auth 
auth		required	pam_env.so 
auth		sufficient	pam_ssh.so
auth		required	pam_unix.so try_first_pass likeauth nullok 
auth		optional	pam_permit.so
 
account		required	pam_unix.so 
account		optional	pam_permit.so
 
password	required	pam_cracklib.so difok=2 minlen=8 dcredit=2 ocredit=2 retry=3 
password	required	pam_unix.so try_first_pass use_authtok nullok sha512 shadow 
password	optional	pam_permit.so
 
session		optional	pam_ssh.so
session		required	pam_limits.so 
session		required	pam_env.so 
session		required	pam_unix.so 
session		optional	pam_permit.so
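
Added example, not part of the original report or of pam_ssh: a check that generalizes the `ls -ld /proc/...` step above by reading the Uid, Gid and Groups lines of `/proc/<pid>/status` and reporting any group ID a non-root process holds that its owner's account does not grant. The sample status text, uid/gid 1000 and the function names are constructed for illustration.

```python
import os
import pwd

# Constructed sample of /proc/<pid>/status for an ssh-agent started without
# setgid()/initgroups(); uid 1000 is an assumed value for the logged-in user.
SAMPLE_STATUS = ("Name:\tssh-agent\nPid:\t9794\n"
                 "Uid:\t1000\t1000\t1000\t1000\n"
                 "Gid:\t0\t0\t0\t0\nGroups:\t0\n")

def parse_ids(status_text):
    """Extract Name plus the Uid, Gid and Groups number lists from status text."""
    fields = {}
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key] = value.split()
    ids = {k: [int(x) for x in fields.get(k, [])] for k in ("Uid", "Gid", "Groups")}
    ids["Name"] = " ".join(fields.get("Name", []))
    return ids

def unexpected_gids(status_text, allowed_gids):
    """Return sorted gids (real/effective/saved/fs and supplementary) that a
    non-root process holds but that are not in allowed_gids."""
    ids = parse_ids(status_text)
    if not ids["Uid"] or 0 in ids["Uid"]:
        return []  # root-owned or unparsable: out of scope for this check
    return sorted((set(ids["Gid"]) | set(ids["Groups"])) - set(allowed_gids))

def scan_proc(name="ssh-agent"):
    """Compare live processes called `name` with their owner's account groups."""
    findings = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            with open(f"/proc/{pid}/status") as fh:
                text = fh.read()
            ids = parse_ids(text)
            if ids["Name"] != name or not ids["Uid"]:
                continue
            user = pwd.getpwuid(ids["Uid"][0])
            allowed = os.getgrouplist(user.pw_name, user.pw_gid)
        except (OSError, KeyError):
            continue  # process exited, or the uid has no passwd entry
        bad = unexpected_gids(text, allowed)
        if bad:
            findings.append((int(pid), user.pw_name, bad))
    return findings

if __name__ == "__main__":
    print(unexpected_gids(SAMPLE_STATUS, [1000]), scan_proc())
```

An empty list from `scan_proc()` after logging in through pam_ssh corresponds to the "Expected Results" above; a finding containing gid 0 corresponds to the "Actual Results".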
Comment 1 Pacho Ramos gentoo-dev 2013-11-06 20:27:52 UTC
+*pam_ssh-1.98 (06 Nov 2013)
+
+  06 Nov 2013; Pacho Ramos <pacho@gentoo.org> +pam_ssh-1.98.ebuild:
+  Version bump
+
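
Review bot: the "Version bump" line of this ChangeLog entry carries no bug reference, so nothing in the log ties pam_ssh-1.98 to the missing gid/grouplist setup reported here. Consider appending the bug number (384603) to the entry so the fix can be traced from the ChangeLog.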

Try with this version please
Comment 2 Alexander E. Patrakov 2013-11-10 12:52:40 UTC
Fixed indeed.