Jack Bryans
2001-Feb-24 21:16 UTC
NeXT 3.3 vs openssh-2.5.1p1 (Couldn't restore privileges)
Wanted to make openssh w/both -lwrap and BIND 8.2.3's -lbind on an m68k NeXT 3.3. Started w/then current openssh-2.3.0p1. Had to use -posix for compiler and loader to get -lbind to work, and had to throw out all openssh NeXT porting to get -posix to work. By the time I had it all working and installed, a security mailing list said there was a new openssh version released.

Bagged openssh-2.5.1p1, went thru it again, only to find ssh fatals out w/ Couldn't restore privileges.

Non-root suid ssh works just fine.

An archive search shows others have the same problem. Haven't seen a diagnosis or patch yet.

In the meantime, how bad would it be to #comment out the seteuid change and restore at the bottom of entropy.c?

Jack
mouring at etoh.eviladmin.org
2001-Feb-24 22:49 UTC
NeXT 3.3 vs openssh-2.5.1p1 (Couldn't restore privileges)
On Sat, 24 Feb 2001, Jack Bryans wrote:
> Wanted to make openssh w/both -lwrap and BIND 8.2.3's -lbind on an m68k NeXT
> 3.3. Started w/then current openssh-2.3.0p1. Had to use -posix for
> compiler and loader to get -lbind to work, and had to throw out all openssh
> NeXT porting to get -posix to work. By the time I had it all working and
> installed, a security mailing list said there was a new openssh version
> released.
>

First off.. Don't use -posix. I've spent 7 months of my life replacing broken posix functions in NeXT. You may get it to compile with -posix, but it's not going to work right.

Secondly, why are you attempting to link to bind directly? What is wrong with using the native resolving libraries?

> Bagged openssh-2.5.1p1, went thru it again, only to find ssh fatals out w/
> Couldn't restore privileges.
>
> Non-root suid ssh works just fine.
>
> An archive search shows others have the same problem. Haven't seen a
> diagnosis or patch yet.
>

I'm going to attempt to look at this today. I've just been overwhelmed recently. =)

> In the meantime, how bad would it be to #comment out the seteuid change and
> restore at the bottom of entropy.c?
>

Originally the seteuid code was not there. It was added to ensure that if any bad information was in the prng file that it could not be used to compromise the ssh client. So it's up to you if you wish to comment it out.

- Ben
mouring at etoh.eviladmin.org
2001-Feb-25 02:04 UTC
NeXT 3.3 vs openssh-2.5.1p1 (Couldn't restore privileges)
On Sat, 24 Feb 2001, Jack Bryans wrote:
[..]
> Bagged openssh-2.5.1p1, went thru it again, only to find ssh fatals out w/
> Couldn't restore privileges.
>

FYI.. Use 'prngd' and do --with-egd-pool=/path/to/random and this will solve your problem about "Couldn't restore privileges." This is an issue with just using the pure built-in Entropy system.

- Ben
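
The temporary effective-uid drop and restore discussed in this thread, as an added example that is not OpenSSH's entropy.c and not code from either poster. The helper name `read_seed_as_user`, its return codes and the seed path are hypothetical; the point is that a failed restore is reported to the caller and treated as fatal instead of being ignored.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* for seteuid() under strict -std modes */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: read up to len bytes of a user-owned seed file with
 * the effective uid switched to the real uid, then switch back.
 * Returns bytes read, -1 if the file could not be opened,
 * -2 if the drop failed, -3 if privileges could not be restored. */
long read_seed_as_user(const char *path, unsigned char *buf, size_t len)
{
    uid_t saved_euid = geteuid();
    uid_t real_uid = getuid();
    long n = -1;
    FILE *f;

    /* Drop: the file is opened with the invoking user's rights only.
     * Check the result instead of trusting the return code alone. */
    if (seteuid(real_uid) == -1 || geteuid() != real_uid)
        return -2;

    f = fopen(path, "rb");
    if (f != NULL) {
        n = (long)fread(buf, 1, len, f);
        fclose(f);
    }

    /* Restore: depends on the system keeping a saved set-user-ID.
     * If this fails the process is in an unexpected privilege state. */
    if (seteuid(saved_euid) == -1 || geteuid() != saved_euid)
        return -3;

    return n;
}

int main(void)
{
    unsigned char buf[64];
    /* Constructed path for illustration; it is not expected to exist. */
    long n = read_seed_as_user("/nonexistent/prng_seed", buf, sizeof buf);
    if (n == -3) { fprintf(stderr, "Couldn't restore privileges\n"); return 1; }
    printf("result: %ld, euid now %lu\n", n, (unsigned long)geteuid());
    return 0;
}
```

Commenting out the drop, as asked in the first message, means the seed file would be read with the set-uid program's effective uid rather than the invoking user's.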