Two small problems with 2.2.0p1 on BSD/OS 4.0.1, both invoving the
internal entropy collector:
1) The ``ls'' commands in ssh_prng_cmds.in all use -n, which isn't
valid
on BSD/OS and thus caused them all to fail when fixprogs checked them.
BSD/OS does, however, have a -T flag which gives complete timestamp
information (month, day, year, hour, minute, and second), which seems
like a useful addition. I suspect the configure script should be
enhanced to deal with this, but I don't know enough about configure to
suggest a patch.
2) The fixprogs script doesn't reopen the child process's STDIN, STDOUT,
and STDERR correctly. This caused all of the ``tail'' commands in
ssh_prng_cmds to fail because they couldn't write to stdout. Here's a
patch:
--- fixprogs.orig Thu May 18 09:12:50 2000
+++ fixprogs Mon Sep 11 16:57:42 2000
@@ -44,9 +44,9 @@
if (! ($pid = fork())) {
# child
close STDIN; close STDOUT; close STDERR;
- open STDIN, "</dev/null";
- open STDOUT, ">/dev/null";
- open STDERR, ">/dev/null";
+ open (STDIN, "</dev/null");
+ open (STDOUT, ">/tmp/foo");
+ open (STDERR, ">/dev/null");
exec $path @args;
exit 1; # shouldn't be here
}
Neither of these would have been fatal alone, but together they reduced
the number of available entropy sources to 15, one less than the
required minimum of 16, which caused the PRNG initialization to fail.
-Larry Jones
In short, open revolt and exile is the only hope for change? -- Calvin
I wrote:> > 2) The fixprogs script doesn't reopen the child process's STDIN, STDOUT, > and STDERR correctly. This caused all of the ``tail'' commands in > ssh_prng_cmds to fail because they couldn't write to stdout. Here's a > patch:But the patch was wrong (it redirected STDOUT to /tmp/foo instead of /dev/null, a leftover from trying to track down the problem). Here's the correct patch: --- fixprogs.orig Thu May 18 09:12:50 2000 +++ fixprogs Wed Sep 13 17:20:43 2000 @@ -44,9 +44,9 @@ if (! ($pid = fork())) { # child close STDIN; close STDOUT; close STDERR; - open STDIN, "</dev/null"; - open STDOUT, ">/dev/null"; - open STDERR, ">/dev/null"; + open (STDIN, "</dev/null"); + open (STDOUT, ">/dev/null"); + open (STDERR, ">/dev/null"); exec $path @args; exit 1; # shouldn't be here } There's also another problem -- the fake struct sockaddr_storage is not compatible with struct sockaddr on my system (sockaddr has a byte for the address family, sockaddr_storage has a short), which leads to all sorts of interesting, non-obvious failures later. The simplest solution is to have sockaddr_storage contain an actual sockaddr and use it. Here's the patch: --- fake-socket.h.orig Tue May 30 21:20:12 2000 +++ fake-socket.h Wed Sep 13 17:17:47 2000 @@ -6,17 +6,13 @@ #ifndef HAVE_STRUCT_SOCKADDR_STORAGE # define _SS_MAXSIZE 128 /* Implementation specific max size */ -# define _SS_ALIGNSIZE (sizeof(int)) -# define _SS_PAD1SIZE (_SS_ALIGNSIZE - sizeof(u_short)) -# define _SS_PAD2SIZE (_SS_MAXSIZE - (sizeof(u_short) + \ - _SS_PAD1SIZE + _SS_ALIGNSIZE)) +# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) struct sockaddr_storage { - u_short ss_family; - char __ss_pad1[_SS_PAD1SIZE]; - int __ss_align; - char __ss_pad2[_SS_PAD2SIZE]; + struct sockaddr ss_sa; + char __ss_pad2[_SS_PADSIZE]; }; +# define ss_family ss_sa.sa_family #endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ #ifndef IN6_IS_ADDR_LOOPBACK -Larry Jones Just when I thought this junk was beginning to make sense. -- Calvin
On Mon, 11 Sep 2000, Larry Jones wrote:> Two small problems with 2.2.0p1 on BSD/OS 4.0.1, both invoving the > internal entropy collector: > > 1) The ``ls'' commands in ssh_prng_cmds.in all use -n, which isn't valid > on BSD/OS and thus caused them all to fail when fixprogs checked them. > BSD/OS does, however, have a -T flag which gives complete timestamp > information (month, day, year, hour, minute, and second), which seems > like a useful addition. I suspect the configure script should be > enhanced to deal with this, but I don't know enough about configure to > suggest a patch.I have just added commands similar to "ls -alTi /var/log" @PROG_LS@ 0.02 to the prng commands list.> 2) The fixprogs script doesn't reopen the child process's STDIN, STDOUT, > and STDERR correctly. This caused all of the ``tail'' commands in > ssh_prng_cmds to fail because they couldn't write to stdout. Here's a > patch:Applied. How does this help, the patch only adds parantheses? -d -- | ``The power of accurate observation is | Damien Miller <djm at mindrot.org> | commonly called cynicism by those who | @Work <djm at ibs.com.au> | have not got it'' - George Bernard Shaw | http://www.mindrot.org