Date:      Mon, 4 Oct 2004 23:29:41 GMT
From:      Peter Losher <Peter_Losher@isc.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/72339: ssh.com port startup script needs to invoke 'env -i' before calling up sshd.
Message-ID:  <200410042329.i94NTfCd039943@www.freebsd.org>
Resent-Message-ID: <200410042330.i94NUMB2046366@freefall.freebsd.org>


>Number:         72339
>Category:       ports
>Synopsis:       ssh.com port startup script needs to invoke 'env -i' before calling up sshd.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Oct 04 23:30:21 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator:     Peter Losher
>Release:        5.3-BETA3
>Organization:
ISC
>Environment:
FreeBSD tardis.isc.org 5.3-BETA3 FreeBSD 5.3-BETA3 #10: Sun Sep  5 21:25:58 PDT 2004     plosher@tardis.isc.org:/usr/obj/usr/src/sys/CONSOLE  i386
 
>Description:
For those of us running the ssh.com port with Krb5 support, we need 'env -i' invoked before sshd so that it doesn't inherit a KRB5CCNAME environment variable from the shell.  Not doing this causes problems with the ticket cache, which is an issue with ksu, among other things.  In fact sshd shouldn't inherit any environment variables, imo.
>How-To-Repeat:
Run a system w/ MIT Kerberos & ssh.com's ssh2 from /usr/ports w/ Kerberos support enabled, and have more than two people try and ksu on the same system and you will get a 'Error in permissions opening credentials cache'.
>Fix:
Enclosed is a patch for the startup script so that it calls 'env -i' before calling sshd.

-=-
--- sshd2.sh.orig       Thu Sep  9 20:48:53 2004
+++ sshd2.sh    Thu Sep  9 20:49:01 2004
@@ -35,7 +35,7 @@
 case "$1" in
   start)
        # Start daemons.
-       ${SBINDIR}/sshd2 2> /dev/null
+       env -i ${SBINDIR}/sshd2 2> /dev/null
        echo -n ' sshd2'
        ;;
   stop)
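Review bot: On the `+` line, `env -i` clears every variable, PATH included, not just KRB5CCNAME, so sshd2 and whatever it later executes start with no PATH at all unless sshd2 sets one itself. Consider passing back an explicit minimum, for example `env -i PATH=/sbin:/bin:/usr/sbin:/usr/bin ${SBINDIR}/sshd2 2> /dev/null`, and add a comment above the line saying why the environment is scrubbed so the `env -i` is not dropped in a later cleanup. Because stderr still goes to /dev/null and ` sshd2` is echoed unconditionally, a start-up failure caused by the emptied environment would go unnoticed.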
-=-
>Release-Note:
>Audit-Trail:
>Unformatted:
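The inheritance problem described in this report, as an added shell illustration (not part of the report or of the ssh2 port): a child started directly sees the invoking shell's KRB5CCNAME, while one started under `env -i` with an explicit allowlist does not. The function names, the PATH value and the cache path are assumptions made up for the example.

```shell
#!/bin/sh
# Added illustration; every name below is hypothetical.

# Fixed PATH handed to the child instead of the caller's (assumed value).
CLEAN_PATH="/sbin:/bin:/usr/sbin:/usr/bin"

# Start a command the way the unpatched script does: the child inherits
# every exported variable of the shell that ran the script.
run_inherited() {
    "$@"
}

# Start a command with an empty environment plus an explicit allowlist.
# env -i drops everything, so PATH has to be handed back by name.
run_clean() {
    env -i PATH="$CLEAN_PATH" "$@"
}

# Print, space separated, the names of KRB5* variables that a child
# started through launcher $1 actually receives.
krb5_vars_seen_by() {
    "$1" /bin/sh -c 'env' \
        | sed -n 's/^\(KRB5[A-Za-z0-9_]*\)=.*/\1/p' \
        | sort | tr '\n' ' ' | sed 's/ $//'
}

# Print the PATH a child started through launcher $1 receives.
path_seen_by() {
    "$1" /bin/sh -c 'printf %s "$PATH"'
}

# Constructed sample: an administrator's shell that still carries a
# per-user credential cache when the start-up script is run by hand.
KRB5CCNAME="FILE:/tmp/krb5cc_constructed"
export KRB5CCNAME

echo "inherited start sees: $(krb5_vars_seen_by run_inherited)"
echo "clean start sees:     $(krb5_vars_seen_by run_clean)"
echo "clean start PATH:     $(path_seen_by run_clean)"
```

The same comparison can be made against a running daemon by inspecting its process environment with the platform's process tools.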