OpenSSH with Wilkinson patch on OS X 10.2

Steven Michaud smichaud at pobox.com
Mon Mar 3 11:33:45 EST 2003


Last November (11-11-02) I sent a message to the krbdev list
(http://mailman.mit.edu/pipermail/krbdev/2002/000907.html) describing
some of the problems I'd had getting OpenSSH with Simon Wilkinson's
patch to work on Mac OS X 10.2 with its built-in MIT Kerberos
libraries.

I attached a bunch of patches that worked around all these problems.
But one of the patches was to Darwin/OS X's Security framework
(Security-54).  For various reasons it's difficult (if not impossible)
to keep this patch up to date.  And if you leave the Security
framework's problems unfixed, your system is at least theoretically
open to exploits by people with accounts on your system (because
everyone who makes an ssh connection will have access to the root
authorization session).  So my workarounds weren't suitable for
production systems.

(In January (1-12-03) I posted updated versions of some of these
patches, plus an update to Simon Wilkinson's patch --
http://mailman.mit.edu/pipermail/krbdev/2003/001078.html)

But recently I noticed that, with OS X 10.2.4, Apple _seems_ to have
resolved all the problems I found in their Security framework.  If my
Security framework patches can be dropped, then I do believe that the
rest of my workarounds _are_ suitable for production systems.

Congratulations, Apple!  That was quick work.

At least I _think_ it was ... because though the evidence does suggest
that Apple has fixed the Security framework problems I reported, I
haven't been able to get anyone to confirm this.  If someone on this
list (especially someone from Apple) can confirm that SessionCreate()
now (as of 10.2.4) works in apps that use fork() or exec() and which
link to the MIT Kerberos libraries, there's a pretty long list of
people who'd be grateful.

My evidence is pretty basic:  After I'd upgraded to 10.2.4 (I used
Software Update), I recompiled OpenSSH 3.5p1 (with Simon Wilkinson's
and my updated patches) to link against the 10.2.4 Security framework.
Then I noticed that my single call to SessionCreate() from sshd (in
the connected user's context) was no longer failing.

I don't believe that the Kerberos framework was updated in 10.2.4.
But to be sure Apple hadn't "fixed" my problems by, say, stopping the
Kerberos framework's initialization code from making calls to
SessionGetInfo(), I restored my hacked Security framework and relinked
my hacked sshd to it -- I could still see multiple calls to
SessionGetInfo() before main() in sshd.

I don't see how Apple could have got the SessionCreate() calls working
from my hacked sshd without fixing all the problems that I reported to
this list on 11-11-02.  But appearances can be deceiving.  So if
anyone on this list knows more about this than I do, please chime
in.


