Hello,

I updated the latest snapshot as RPMs to two of my systems. Basic stuff seems to be working ok.

Privilege separation failed though, possibly because I didn't populate /var/empty with PAM entries. Privsep might be a bit raw in any case, at least for the portable.

FWIW, I came across error message 'sshd: no user' and had to scratch my head a bit to figure out what it meant. I suggest changing the order to be more in sync with other similar code paths.

Patch attached.

--
Pekka Savola                 "Tell me of difficulties surmounted,
Netcore Oy                   not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords

-------------- next part --------------
Index: sshd.c ==================================================================RCS file: /cvs/openssh/sshd.c,v retrieving revision 1.200 diff -u -r1.200 sshd.c --- sshd.c 2 Apr 2002 20:48:20 -0000 1.200 +++ sshd.c 18 Apr 2002 13:36:04 -0000 @@ -536,7 +536,7 @@ demote_sensitive_data(); if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) - fatal("%s: no user", SSH_PRIVSEP_USER); + fatal("no user: %s", SSH_PRIVSEP_USER); memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); endpwent();
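Review bot: the reworded fatal() call still does not say which lookup failed. The message comes from the getpwnam(SSH_PRIVSEP_USER) check, but "no user: %s" reads the same as any other missing-account error, so an administrator who sees "no user: sshd" has no more to go on than with the old 'sshd: no user'. Consider wording that names the purpose, for example fatal("privilege separation user %s does not exist", SSH_PRIVSEP_USER);, so the log line points directly at the missing privsep account.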
On Thu, Apr 18, 2002 at 04:36:00PM +0300, Pekka Savola wrote:
> - fatal("%s: no user", SSH_PRIVSEP_USER); > + fatal("no user: %s", SSH_PRIVSEP_USER);

should be fixed in -current
On Thu, 18 Apr 2002, Pekka Savola wrote:
> Hello,
>
> I updated the latest snapshot as RPMs to two of my systems. Basic stuff
> seems to be working ok.
>
> Privilege separation failed though, possibly because I didn't populate
> /var/empty with PAM entries. Privsep might be a bit raw in any case, at
> least for the portable.

Privsep doesn't yet work for PAM, I am slowly working on it.

-d
Pekka Savola wrote:
>
> Hello,
>
> I updated the latest snapshot as RPMs to two of my systems. Basic stuff
> seems to be working ok.
>
> Privilege separation failed though, possibly because I didn't populate
> /var/empty with PAM entries. Privsep might be a bit raw in any case, at
> least for the portable.

Hmm... /var/empty is just this -- empty. It shouldn't be populated with anything. Or else, if ssh requires some files in its chroot, the chroot jail should be separate, private to ssh directory. Anyway, putting PAM files into chroot jail seems to be unreasonable at least -- having security-related configs in jail is wrong.

I don't know how privsep currently works, but IMHO lowpriv process should NOT touch ANY system file(s) at all, all auth (including PAM) stuff belongs to privileged process anyway.

Regards,
Michael.