bugzilla-daemon at mindrot.org
2005-Sep-07 18:00 UTC
[Bug 1080] 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
http://bugzilla.mindrot.org/show_bug.cgi?id=1080 Summary: 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX Product: Portable OpenSSH Version: 4.2p1 Platform: HPPA OS/Version: HP-UX Status: NEW Severity: security Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: jaearick at colby.edu CC: jaearick at colby.edu 4.2p1 code configured on HPUX 11.11 as: ./configure CC="gcc" CFLAGS="-O" \ --prefix=/opt/openssh --sysconfdir=/etc/ssh \ --with-ssl-dir=/opt/openssl --with-zlib \ --without-rsh --with-pam --with-privsep-user=ssh \ --with-tcp-wrappers --with-ipv4-default >& configure.out If UsePrivilegeSeparation=yes in sshd.config, then ssh connections fail with the syslog message: fatal: mm_receive_fd: recvmsg: expected received 1 got 0 The only way 4.2p1 will work on HPUX 11.11 is to set UsePrivilegeSeparation=no, which I view as a security hazard and will not do. UsePrivilegeSeparation=yes worked correctly with 4.1p1. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Sep-08 00:20 UTC
[Bug 1080] 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
http://bugzilla.mindrot.org/show_bug.cgi?id=1080 ------- Additional Comments From dtucker at zip.com.au 2005-09-08 10:20 ------- What options do you have set in sshd_config? Also, could you please attach (ie use "create attachment" rather than pasting into the comment field) a copy of the debug output from the server (eg "/path/to/sshd -ddde -p 2022" then point a client at port 2022). BTW it runs OK on my 11.11 box with similar build options and the default sshd_config and the mm_receive_fd() code hasn't changed since 4.0p1. Also, what compiler are you using? If it's gcc 4.0.0 then I've had trouble with it on HP-UX not compiling stuff (especially OpenSSL) correctly. 3.x and 4.0.1 seem OK. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Sep-08 01:14 UTC
[Bug 1080] 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
http://bugzilla.mindrot.org/show_bug.cgi?id=1080 ------- Additional Comments From jaearick at colby.edu 2005-09-08 11:14 ------- Compiler used is: gcc -v Using built-in specs. Target: hppa2.0w-hp-hpux11.11 Configured with: /usr/local/src/gnu/gcc-4.0.1/configure Thread model: single gcc version 4.0.1 I will have to do the sshd -ddde -p 2022 thing tomorrow when I am on a fast link and can manage multiple windows more easily. I dropped back to 4.1 on my test machine for tonight. I have had this same bug/failure on an A500 and an L3000, both HPUX 11.11. Attached is the sshd_config from the A500. BTW, my openssl 0.9.8 build/test fails on both boxes, I am using 0.9.7g instead. I filed an openssl bug about the "make test" feature failing, see openssl.org #1188 bug. HPUX sux when compared to Solaris... Hmmm, how to use the attachments link on the webpage? I am on a Mac, OSX 10.4.2, Safari 2 (popups allowed), I click nothing happens. Can I send this stuff by email attachment instead? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Sep-08 01:30 UTC
[Bug 1080] 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
http://bugzilla.mindrot.org/show_bug.cgi?id=1080 ------- Additional Comments From dtucker at zip.com.au 2005-09-08 11:30 ------- (In reply to comment #2)> I filed an openssl bug about the "make test" feature failing, see > openssl.org #1188 bug.I'm using an old OpenSSL (0.9.7d) and gcc (3.3.3, the 4.x stuff was found on 11.00). I'll try 0.9.7g.> Hmmm, how to use the attachments link on the webpage?It's just a link to a page with a form, no popups: http://bugzilla.mindrot.org/attachment.cgi?bugid=1080&action=enter Try pasting that into your browser, if that doesn't work then you can mail them to me directly. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2005-Sep-19 03:47 UTC
[Bug 1080] 4.1p1 to 4.2p1 broke UsePrivilegeSeparation on HPUX
http://bugzilla.mindrot.org/show_bug.cgi?id=1080 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |INVALID ------- Additional Comments From dtucker at zip.com.au 2005-09-19 13:47 ------- Jeff had some problems attaching files, so after a bit off offline discussion the outcome was that gcc-4.0.1 seems to be the source of this problem. I've also personally had problems with 4.0.0. [quote] Lo and behold, I built and installed gcc 3.4.4: Reading specs from /usr/local/lib/gcc/hppa2.0w-hp-hpux11.11/3.4.4/specs Configured with: /usr/local/src/gnu/gcc-3.4.4/configure --with-gnu-as --with-as=/usr/local/bin/gas Thread model: single gcc version 3.4.4 then rebuilt and reinstalled openssh4.2p1. Boom! ssh works with my original sshd_config file, no problems. Time to rebuild openssl 0.9.8 and see if the problems there go away. Having gotten things to work with gcc 3.4.4, I'll blame that and move on. Conclusion: gcc 4.0.1 generates bad code for hppa systems. [/quote] I don't know where to even start with a gcc bug report, though... ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.