search for: closefrom

https://bugzilla.mindrot.org/show_bug.cgi?id=1875 Summary: Gentoo QA warning: net-misc/openssh-5.8_p1-r1: closefromtest.c:46: warning: implicit declaration of function ?closefrom? Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P2 Component: Build sys...

...ocess will not be able to open its own /dev/log (generally in chroot). How does it work? We are trying to solve this problem on two fronts: - In do_child, we check if the /dev/log is available in the chroot and if not, we "leak the FD" to the internal-sftp process. We also postpone the closefrom() call after the internal-sftp call. - In privsep_postauth(), we have the same check (it could be probably written more nicely) which takes care of setting up log FDs going through the monitor. The idea is that this change should not modify behavior of the existing setup in case the /dev/log is a...

...-pubkey.o monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o auth-krb5.o auth2-gss.o gss-serv.o gss-serv-krb5.o -L/usr/src/usr.bin/ssh/sshd/../lib/obj -lssh -lgssapi -lkrb5 -lkafs -lcrypto -lutil -lz -ldes -lwrap sshd.o: In function `main': sshd.o(.text+0x1ed4): undefined reference to `closefrom' sshd.o(.text+0x1ee4): undefined reference to `closefrom' collect2: ld returned 1 exit status *** Error code 1 Stop in /usr/src/usr.bin/ssh/sshd (line 122 of /usr/share/mk/bsd.prog.mk). *** Error code 1 Stop in /usr/src/usr.bin/ssh. What did I screw up? -peter

...ello All, I'm using OpenSSH 4.3p2 in HP-UX 11.23. On running tusc (a tool to trace system calls and signals) on sshd, I found lot of close calls upto 2047. Those close calls try to close a non-opened file descriptor and results in an error. This behaviour is seen only from OpenSSH 3.9 where closefrom() call is introduced to close the file descriptors before re-exec. The fix is to check the resource limits before calling close(), but the comment in source code (bsd-closefrom.c) says that it is not recommended to check the resource limits. Is there anyway to fix this too many close() calls w...

...e:15618: g++ -o conftest -g -O2 conftest.cpp >&5 configure:15618: $? = 0 configure:15618: result: yes configure:15618: checking for sysconf configure:15618: g++ -o conftest -g -O2 conftest.cpp >&5 configure:15618: $? = 0 configure:15618: result: yes configure:15632: checking for closefrom configure:15632: g++ -o conftest -g -O2 conftest.cpp >&5 /tmp/ccsp771p.o: In function `main': /mnt/hdd1/search/xapian/xapian/conftest.cpp:65: undefined reference to `closefrom' collect2: ld returned 1 exit status configure:15632: $? = 1 configure: failed program was: | /* confdefs...

On Sun, 2018-01-07 at 18:41 +0000, halfdog wrote: > Hello list, > > I created a page to demonstrate, what would happen when chroot > root directory is writeable. In fact, code execution is possible > already, when only /etc and /bin are writable. I also tried to > escape the chroot jail, but that did not work for non-root users. > > As the 2009 CVE activities mention,

...with a RFC4511 section 4.4.1 response. o Laurent Menase <laurent.menase at hpe.com> * BUG 14388: winbind: Fix a memleak. o Stefan Metzmacher <metze at samba.org> * BUG 14465: idmap_ad: Pass tldap debug messages on to DEBUG(). * BUG 14482: lib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE. o Martin Schwenke <martin at meltin.net> * BUG 14466: ctdb disable/enable can fail due to race condition. ####################################### Reporting bugs & Development Discussion ######################################...

...with a RFC4511 section 4.4.1 response. o Laurent Menase <laurent.menase at hpe.com> * BUG 14388: winbind: Fix a memleak. o Stefan Metzmacher <metze at samba.org> * BUG 14465: idmap_ad: Pass tldap debug messages on to DEBUG(). * BUG 14482: lib/replace: Move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE. o Martin Schwenke <martin at meltin.net> * BUG 14466: ctdb disable/enable can fail due to race condition. ####################################### Reporting bugs & Development Discussion ######################################...

...(id=1431) --> (http://bugzilla.mindrot.org/attachment.cgi?id=1431) Make ssh-rand-helper close all fds above STDERR Random thought: I wonder if some commands are making unwarranted assumptions about the descriptors they inherit? The down side of this is one systems that don't have a native closefrom or equivalent is that the equivalent close calls are going to be relatively slow (but only required once). -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug. You are watching someone on...

Hi, As I understand the "ForceCommand" in the sshd_confing file is meant to ignore any command supplied by the client, but if user's home is shared by server and client machines over network (ex. NFS) then user can still put something else into ~/.ssh/rc file and overcome this limitation. Is it possible to disable execution of the ~/.ssh/rc file in such a case? Thaks, Mike

http://bugzilla.mindrot.org/show_bug.cgi?id=1345 Summary: closefromtest fails, sometimes Product: Portable OpenSSH Version: 4.6p1 Platform: amd64 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: bitbucket at mindrot.org Re...

On 8/1/19 4:15 AM, Richard W.M. Jones wrote: > On Thu, Aug 01, 2019 at 10:06:01AM +0100, Richard W.M. Jones wrote: >> As far as I can see Haiku (hrev52698) has O_CLOEXEC but NOT >> SOCK_CLOEXEC. As this version is a little old I'll do an update and >> see if newer versions support it. > > I'm on hrev53313+1 which also doesn't appear to have SOCK_CLOEXEC

...oaded by an adhoc LD_PRELOAD application. Customer would like to be able to remove the ControlPersist feature set by providing a global configuration option. This will allow ssh to act as it did before and not interfere with customer adhoc LD_PRELOAD app. e.g. if( options.controlpersist != 0 ){ closefrom(STDERR_FILENO+1) } How reproducible: Write app that opens some FDS use the export LD_PRELOAD on ssh execution of a scripted session when session exists see if FDS from the LD_PRELOAD app did too Actual results: fds closed Expected results: with ControlPersist disable option, fds from LD_PRELOAD...

https://bugzilla.mindrot.org/show_bug.cgi?id=1643 Summary: Set FD_CLOEXEC on client socket Product: Portable OpenSSH Version: 5.2p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org ReportedBy: jchadima at

Dear All, X.509 certificates support for OpenSSH version 6.0p1 was published. I brief new version include : - support for Android platform; - engine implementation is now considered stable; - various regression test improvements including fixes for OpenSSL FIPS enabled 1.0.1 stable release and korn shell Yours sincerely, Roumen Petrov -- Get X.509 certificates support in OpenSSH:

Hello, I''ve been working for a few days on a problem which, after tracking it down, seems to be related to unicorn. I''m hoping that somebody might be able to help with information about what''s going on. In the Rails 3 application that I support, we sometimes fork during a web request in order to do background processing behind the scenes without the user (and the

...tion and compilation output between Digi DEY 8.2.0 and Arm GNU Toolchain 12. The key differences were checking: if ${CC} supports compile flag -fzero-call-used-regs=all if ${CC} supports compile flag -ftrivial-auto-var-init=zero for sys/sysctl.h for library containing login for closefrom for close_range for library containing dlopen for arc4random for arc4random_buf for arc4random_uniform if libc defines sys_errlist if libc defines sys_nerr for library containing res_query for library containing dn_expand if res_query will link for _getsh...

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

https://bugzilla.mindrot.org/show_bug.cgi?id=3480 Bug ID: 3480 Summary: tracking bug for openssh-9.1 Product: Portable OpenSSH Version: -current Hardware: Other OS: Linux Status: NEW Keywords: meta Severity: enhancement Priority: P5 Component: Miscellaneous Assignee:

...ere the PAM implementation lacks this function (e.g. HP-UX). bz#3008 * sftp-server(8): fix Solaris privilege sandbox from preventing the legacy sftp rename operation from working (was refusing to allow hard links to files owned by other users). bz#3036 * All: add a proc_pidinfo()-based closefrom() for OS X to avoid the need to brute-force close all high-numbered file descriptors. bz#3049 * sshd(8): in the Linux seccomp-bpf sandbox, allow mprotect(2) with PROT_(READ|WRITE|NONE) only. This syscall is used by some hardened heap allocators. Github PR#142 * sshd(8): in the Linux...