From ef3a4a208c4bd711f7c4131e3bb293313652450d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 6 Feb 2004 15:30:50 +1100 Subject: - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root user, since some modules might fail due to lack of privilege. ok djm@ --- ChangeLog | 4 +++- session.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index aaae0204d..02d50cbed 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (dtucker) [acss.c acss.h] Fix $Id tags. - (dtucker) [cipher-acss.c cipher.c] Enable acss only if building with OpenSSL >= 0.9.7. ok djm@ + - (dtucker) [session.c] Bug #789: Do not call do_pam_setcred as a non-root + user, since some modules might fail due to lack of privilege. ok djm@ 20040129 - (dtucker) OpenBSD CVS Sync regress/ @@ -1787,4 +1789,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.3206 2004/02/06 04:26:10 dtucker Exp $ +$Id: ChangeLog,v 1.3207 2004/02/06 04:30:50 dtucker Exp $ diff --git a/session.c b/session.c index 3a6d1a028..02c5dca9b 100644 --- a/session.c +++ b/session.c @@ -519,7 +519,8 @@ do_exec_pty(Session *s, const char *command) #if defined(USE_PAM) if (options.use_pam) { do_pam_set_tty(s->tty); - do_pam_setcred(1); + if (!use_privsep) + do_pam_setcred(1); } #endif -- cgit v1.2.3