Significant changes since last patch.

Deleted patches to packet.c and channel.c - not needed.

Add small patch to sshd.c and openbsd/ssh-cray.c to disable cray process
privileges. Depending on how a cray unicos/unicosmk system is configured
a user could su to root without a password without this mod.

Add no_sco flag to noop check for -lrpc which assumes that there was a
-lyp library.

Changed ifdef around sigchld_handler to ifdef out mysignal on crays.
This works around a unicos sigaction bug.

Defined INADDR_LOOPBACK in entropy.c

The details on all the patches:

configure.in     - Add work around to sco libyp assumption.
sshd.c           - Turn off cray process privileges root is enough on PRIV_SU
                   unicos/unicosmk systems.
entropy.c        - Define INADDR_LOOPBACK
deattack.c       - Modified to not depend on u_int16_t being 16bit in size.
scp.c            - Modified to use alarm instead of setitimer.
                   Unicos does not support setitimer.
serverloop.c     - Modified sigchld_handler to not reset on Crays. This is the
                   only case it needs to be reset, the side effect is it fixes
                   the problem with an infinite signal loop under unicos and
                   unicosmk.
                   Modified waitpid to keep trying if it gets an EINTR, this
                   can happen due to job termination signal on unicos and
                   unicosmk.
session.c        - Added unicos/unicosmk job termination signal handler.
                   Add TMPDIR environment variable.
                   Add code to set up a unicos/unicosmk job and system limits.
sshpty.c         - Unicos/unicosmk pty support.

In openbsd-compat directory:

bindresvport.c & - Code around the fact that the address of sin_port
rresvport.c.       really is 64 bit aligned on a SV1.
bsd-cray.c       - Clean up cray support routines. Fix su related
                   security bug.
bsd-cray.h       - Cray support subroutine prototypes.

Bill Jones

-------------- next part --------------
A non-text attachment was scrubbed...
Name: craymods
Type: application/octet-stream
Size: 17570 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20010802/5be5ff8a/attachment.obj
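The serverloop.c and scp.c items above (keep calling waitpid when it returns EINTR, and use alarm rather than setitimer) correspond to a general POSIX pattern, shown here as an added example; it is not code from the craymods attachment or from OpenSSH. The function names, the SIGALRM interrupter and the 2-second child are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

static void on_alarm(int sig) { (void)sig; }   /* only needs to interrupt */

/* Retry waitpid() while it fails solely because a signal interrupted it.
 * Any other error (ECHILD, EINVAL) is returned to the caller unchanged. */
pid_t waitpid_retry(pid_t pid, int *status, int options, int *eintr_count)
{
    pid_t r;
    while ((r = waitpid(pid, status, options)) == -1 && errno == EINTR)
        (*eintr_count)++;
    return r;
}

/* Constructed scenario: the child exits with 7 after 2 s, and a SIGALRM
 * hits the parent after 1 s while it is blocked in waitpid().
 * Returns the child's exit status, or -1 on any failure. */
int reap_interrupted_child(int *eintr_count)
{
    struct sigaction sa = {0};     /* sa_flags stays 0: no SA_RESTART */
    pid_t child, got;
    int status = 0;
    *eintr_count = 0;
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    if (sigaction(SIGALRM, &sa, NULL) == -1 || (child = fork()) == -1)
        return -1;
    if (child == 0) {
        sleep(2);
        _exit(7);
    }
    alarm(1);                      /* alarm(), not setitimer() */
    got = waitpid_retry(child, &status, 0, eintr_count);
    alarm(0);
    return (got == child && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int n, rc = reap_interrupted_child(&n);
    printf("exit status %d after %d EINTR retries\n", rc, n);
    return rc == 7 ? 0 : 1;
}
```

Without the retry loop the first waitpid call would return -1 and the child would be left unreaped, which is the failure the serverloop.c item describes for job termination signals.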
On Thu, 2 Aug 2001, William L. Jones wrote:

> Significant changes since last patch.
>
[snip]
>
> Add no_sco flag to noop check for -lrpc which assumes that
> there was a -lyp library.

Did Wendy's patch not fix your -lyp problem?
....

% diff -u configure.in.orig configure.in --- configure.in.orig Wed Aug 1 16:24:39 2001 +++ configure.in Wed Aug 1 16:40:40 2001 @@ -245,7 +245,7 @@ no_libsocket=1 no_libnsl=1 AC_DEFINE(USE_PIPES) - LDFLAGS="$LDFLAGS -L/usr/local/lib" + LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal",-L/usr/local/lib" LIBS="$LIBS -lgen -lrsc" ;; *-dec-osf*)

--
wendy palm
Cray OS Sustaining Engineering, Cray Inc.
wendyp at cray.com, 651-605-9154
....

>
[snip]
>
> Bill Jones

--
Tim Rice                        Multitalents    (707) 887-1469
tim at multitalents.net
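Review bot: the added LDFLAGS line in the configure.in hunk has a stray double quote after "fatal", so the string closes there and the quote after -L/usr/local/lib opens a new, unterminated one; drop the quote after "fatal". Also check the comma before -L/usr/local/lib: as written the library path is part of the -Wl, argument list and is handed to the linker instead of being parsed by the compiler driver, so if that is not intended, separate it with a space. A one-line comment saying which linker message 334 is and why it is promoted to fatal would help, since LDFLAGS is used by every later link test in configure.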
mouring at etoh.eviladmin.org
2001-Aug-06 23:10 UTC
Cray patch against openssh-SNAP-20010802
> The details on all the patches:
>
> configure.in - Add work around to sco libyp assumption.

Does Wendy's patch work? I'd rather use hers.

> sshd.c - Turn off cray process privileges root is enough on PRIV_SU
> unicos/unicosmk systems.

applied.

> entropy.c - Define INADDR_LOOPBACK

Can we put this in defines.h instead?

> deattack.c - Modified to not depend on u_int16_t
> being 16bit in size.

I still want Markus or someone in the OpenBSD group to bless this or
come up with a hybrid idea for the OpenBSD tree.

> scp.c - Modified to use alarm instead of setitimer.
> Unicos does not support setitimer.

This was committed to the upstream tree.

> serverloop.c - Modified sigchld_handler to not reset
> on Crays. This is the
> only case it needs to be reset, the side effect
> is it fixes the problem with an infinite signal loop
> under unicos and unicosmk.
> Modified waitpid to keep trying if it gets an EINTR,
> this can happen due to job termination signal on unicos and
> unicosmk.

Still not included. Waiting for feedback from others..

> session.c - Added unicos/unicosmk job termination signal handler.
> Add TMPDIR environment variable.
> Add code to set up a unicos/unicosmk job and system
> limits.

Applied most.

> sshpty.c - Unicos/unicosmk pty support.
>
> In openbsd-compat directory:
> bindresvport.c & - Code around the fact that the address of sin_port
> rresvport.c. really is 64 bit aligned on a SV1.

Can I get Damien or someone else to agree this is what we want to do? It
looks fine to me.

> bsd-cray.c - Clean up cray support routines. Fix su related
> security bug.
> bsd-cray.h - Cray support subroutine prototypes.

Applied. I added bsd-cray.h to openbsd-compat.h where it should be. If it
does not work out there then we should try defines.h before putting it
into a single file.

- Ben
On Mon, 6 Aug 2001, William L. Jones wrote:

>
> Two problems. There is an " just after fatal that I don't think should be
> there

Ah yes, I see the extra ". But if you remove it, it should work.
The AC_CHECK_LIB(rpc, innetgr, LIBS="-lrpc -lyp -lrpc $LIBS" , , -lyp -lrpc)
test should fail on anything other than SCO Open Server 3

> and I can still get errors because I don't have libyp.a.

As you should.

>
> My solution works!
>
> A better solution is to have the offending code check for both rpc and yp
> lib before adding them.
>
> Or just always look for rpc and add it. Then look for yp and add it.

Are you saying you need to link in librpc to get openssh to work?

>
> Just don't assume that yp exists if rpc does.
>
> How do you think the problem should be solved?
>
> Bill Jones
>
> > -----Original Message-----
> > From: Tim Rice [mailto:tim at multitalents.net]
> > Sent: Monday, August 06, 2001 1:06 PM
> > To: William L. Jones
> > Subject: Re: Cray patch against openssh-SNAP-20010802
> >
> >
> > On Sun, 5 Aug 2001, William L. Jones wrote:
> >
> > > I look and see. Is her patch in the daily drop yet?
> >
> > Not yet. I was about to add it when I saw your message.
> > Please try the small patch below and let me know.
> >
> > >
> > > ----- Original Message -----
> > > From: "Tim Rice" <tim at multitalents.net> > > > To: "William L. Jones" <jones at mail.utexas.edu> > > > Cc: <openssh-unix-dev at mindrot.org> > > > Sent: Sunday, August 05, 2001 7:06 PM > > > Subject: Re: Cray patch against openssh-SNAP-20010802 > > > > > > > > > > On Thu, 2 Aug 2001, William L. Jones wrote: > > > > > > > > > Significant changes since last patch. > > > > > > > > > [snip] > > > > > > > > > > Add no_sco flag to noop check for -lrpc which assumes that > > > > > their was a -lyp library. > > > > > > > > Did Wendy's patch not fix your -lyp problem? > > > > .... > > > > > > > > % diff -u configure.in.orig configure.in > > > > --- configure.in.orig Wed Aug 1 16:24:39 2001 > > > > +++ configure.in Wed Aug 1 16:40:40 2001 > > > > @@ -245,7 +245,7 @@ > > > > no_libsocket=1 > > > > no_libnsl=1 > > > > AC_DEFINE(USE_PIPES) > > > > - LDFLAGS="$LDFLAGS -L/usr/local/lib" > > > > + LDFLAGS="$LDFLAGS -Wl,-Dmsglevel=334:fatal",-L/usr/local/lib" > > > > LIBS="$LIBS -lgen -lrsc" > > > > ;; > > > > *-dec-osf*) > > > > > > > > > > > > -- > > > > wendy palm > > > > Cray OS Sustaining Engineering, Cray Inc. > > > > wendyp at cray.com, 651-605-9154 > > > > .... > > > > > > > > > > > > > [snip] > > > > -- > > Tim Rice Multitalents (707) 887-1469 > > tim at multitalents.net > > > > >-- Tim Rice Multitalents (707) 887-1469 tim at multitalents.net