Here's the output from running sshd in debug mode:

debug1: sshd version OpenSSH_3.7p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: setgroups() failed: Invalid argument
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 127.0.0.1 port 59687
debug1: Client protocol version 2.0; client software version OpenSSH_3.7p1
debug1: match: OpenSSH_3.7p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.7p1
debug1: permanently_set_uid: 17/17
setuid 17: Operation not permitted
debug1: Calling cleanup 0x24c8c(0x0)

Replacing uidswap.c with the version from 3.6p1 and recompiling produces a working sshd. I have not tracked down which change caused the breakage, but it should be easy enough.

Jacques Distler

Just a note, running 3.7p1 on one of my Redhat 6.2 boxes with no problems.

The fact that I have to run a Redhat 6.2 box is a huge problem, however.

--
J. Eric Townsend -- jet spies com
buy stuff, damnit: http://www.spies.com/jet/store.html

Jacques Distler wrote:
> debug1: permanently_set_uid: 17/17
> setuid 17: Operation not permitted
> debug1: Calling cleanup 0x24c8c(0x0)

Please try adding "#define SETEUID_BREAKS_SETUID 1" to config.h and recompiling.

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

On Wednesday, September 17, 2003, at 01:38 AM, Darren Tucker wrote:
> Jacques Distler wrote:
>> debug1: permanently_set_uid: 17/17
>> setuid 17: Operation not permitted
>> debug1: Calling cleanup 0x24c8c(0x0)
>
> Please try adding "#define SETEUID_BREAKS_SETUID 1" to config.h and
> recompiling.

Tried that; had no effect (now verified with 3.7.1p1). Daemon still dies when a client connects.

I'm going back to uidswap.c from 3.6.1p1 until this gets sorted out.

(I'm surprised no one else has reported this problem. Is everyone just waiting for Apple to release a binary?)

jacques

Jacques Distler wrote:
> Tried that; had no effect (now verified with 3.7.1p1). Daemon still
> dies when a client connects.

It looks like OS X needs:

#define SETEUID_BREAKS_SETUID 1
#define BROKEN_SETREUID 1
#define BROKEN_SETREGID 1

See: http://bugzilla.mindrot.org/show_bug.cgi?id=665

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.

If you define BROKEN_SETREUID and BROKEN_SETREGID, the problem goes away. A short test program calling setreuid on OS X will fail with the same error you encountered with sshd.

andrew

> On Wednesday, September 17, 2003, at 08:53 AM, Darren Tucker wrote:
>
> > Jacques Distler wrote:
> >> % egrep 'SET.*ID' config.h
> >> /* #undef SETEUID_BREAKS_SETUID */
> >> /* #undef BROKEN_SETREUID */
> >> /* #undef BROKEN_SETREGID */
> >> #define HAVE_SETEGID 1
> >> #define HAVE_SETEUID 1
> >> /* #undef HAVE_SETLUID */
> >> #define HAVE_SETREGID 1
> >> /* #undef HAVE_SETRESGID */
> >> /* #undef HAVE_SETRESUID */
> >> #define HAVE_SETREUID 1
> >> #define HAVE_SETSID 1
> >
> > With those defines, I'd expect the same behaviour as 3.6.1p2, and I'd also
> > expect SETEUID_BREAKS_SETUID to resolve it. I dunno.
>
> Well, thanks for trying. I've posted a note
> <http://golem.ph.utexas.edu/~distler/blog/archives/000221.html> on my
> weblog warning MacOSX users about this.
>
> Jacques

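The debug log earlier in this thread shows sshd exiting as soon as the permanent switch to uid 17 fails. As an added example (not OpenSSH's uidswap.c and not code posted by anyone in this thread), here is a permanent privilege drop that checks every call and verifies the drop cannot be undone; drop_privileges() is a hypothetical helper name.

```c
/* Added example: permanent privilege drop that fails closed.
 * Not OpenSSH's uidswap.c; drop_privileges() is a hypothetical helper. */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 0 once the process is irrevocably uid/gid, -1 otherwise. */
int drop_privileges(uid_t uid, gid_t gid)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();

    /* Only root can reset supplementary groups, and only a real drop needs it. */
    if (old_euid == 0 && uid != 0 && setgroups(1, &gid) < 0)
        return -1;
    /* Group before user: after setuid() we may lack the right to change it. */
    if (setgid(gid) < 0)
        return -1;
    if (setuid(uid) < 0)
        return -1;          /* the step that failed in the thread's debug log */

    /* Dropping to a non-root user must be irreversible: regaining the old
     * effective IDs has to fail, otherwise the saved IDs were not cleared. */
    int regained = uid != 0 &&
        ((old_egid != gid && setegid(old_egid) == 0) ||
         (old_euid != uid && seteuid(old_euid) == 0));
    /* Also confirm real and effective IDs are the requested ones. */
    if (regained || getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* Constructed demo: "drop" to the IDs we already hold, so it runs unprivileged. */
    if (drop_privileges(getuid(), getgid()) < 0) {
        fprintf(stderr, "privilege drop failed: %s\n", strerror(errno));
        return 1;           /* fail closed: never continue with old privileges */
    }
    puts("privileges dropped and verified");
    return 0;
}
```

A caller that gets -1 should exit rather than continue, which is what the daemon in the log above does when setuid fails.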
Sorry to bust in on the list, but I have been trying to get OpenSSH to work for several days on OS X, rather than wait for the update (which is now released). I suffered a lot of frustration, tried many fixes on my own, searched Google, and only today managed to find the thread on this list.

Though Apple's update has got me a patched SSH package, I would like to solve the problem in the source distribution I compiled and installed (in an alternate location). I know this is a developers list, but if someone would be kind enough to help me, I would appreciate it.

I realize the patch has to do with the configure.ac file, but I'm unsure as to how to proceed. Where in the file would I insert this patch? Is the patch to be inserted all in one place, or are the lines broken up and inserted in various places in the file?

I really have never done this much "tweaking" to get something to work, but I'm eager to learn something more about UNIX.

Cordially,
Mario Diana

P.S. I may need you to "spell it out" a little more than you are used to doing among one another, though maybe all that means is you would have to tell me where to cut and paste. Thank you.