On 09/13/16 12:07 PM, Alexander Pyhalov wrote:
On 09/12/16 10:53 PM, Alex Wilson wrote:
On 9/12/16 6:23 AM, Alexander Pyhalov wrote:


This makes me wonder, why we check for adt_* return codes, but don't
return from function at
https://github.com/illumos/openssh-portable/blob/illumos-7.2p2/audit-solaris.c#L179

and in similar places.


Yeah that's bad. We should fix that. Do you want to do up a revised
version of the patch or shall I?

I think when I initially read this patch while including it from the
Oracle stack I thought the error() calls were fatal() (which exits after
printing). Bit of an oversight.

Does this fix seem reasonable
https://github.com/OpenIndiana/oi-userland/pull/2398 ?



Hi, Alex.

After discussion with Dan, I think OpenSSH can still leak tid when the connection was successfully logged, but there was no authorization. In this case, as we see here: https://github.com/pyhalov/oi-userland/blob/72f9c960f71f910ec8c071bc28256d96f3dc6e8f/components/network/openssh/patches/0014-Solaris-Auditing-support.patch#L357,
tid will not be freed.

What do you think about this?

--
Best regards,
Alexander Pyhalov,
system administrator of Southern Federal University IT department

