On Wed, 2020-05-27 at 16:27 +0930, David Newall wrote: > On 27/5/20 12:41 am, Hans Petter Jansson wrote: > > https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-February/037556.html > > I have two comments: > First, in the patch, I think it's insufficient to free(s->pw) as s- > >pw probably has copies of strings. See end of pwcopy() in misc.c. > Second, might userauth_finish() in auth2.c be a better place to > reload the struct passwd? > It does seem like something which deserves to be fixed. Don't let it > drop. auth2.c:userauth_finish() does seem like a good place. I tried that first, but privsep complicates it somewhat. I wasn't able to figure out a way to do it without adding monitor code for getpwnam(); as far as I can tell, getpwnamallow() is only meant to be called once, and it also does quite a bit of extra work (config parsing etc) that we don't need the second time around. -- Hans Petter
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
