search for: disable_fd_pass

http://bugzilla.mindrot.org/show_bug.cgi?id=1344 Summary: DISABLE_FD_PASSING does not work if sshd invoked by inetd Product: Portable OpenSSH Version: 4.6p1 Platform: Other OS/Version: Other Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bit...

...gested to me that I forward this message to you. ---------- Forwarded Message ---------- Subject: privsep in ssh Date: Fri, 19 Sep 2003 12:22 From: Russell Coker <russell at coker.com.au> To: SE Linux <selinux at tycho.nsa.gov> Cc: Colin Watson <cjwatson at debian.org> #ifdef DISABLE_FD_PASSING if (1) { #else if (authctxt->pw->pw_uid == 0 || options.use_login) { #endif /* File descriptor passing is broken or root login */ monitor_apply_keystate(pmonitor); use_privsep = 0; return; } When brows...

...oing depends on what we loose if we drop post-auth privsep. > I'd suggest the following patch against openssh-SNAP-20020826. Most of > it is cleanup patch from a while back that I submitted too late for > 3.4p1 and didn't resend after that I guess. The other defines > DISABLE_FD_PASSING when SIA is enabled, which effectively turns off > post-auth privsep. So if DISABLE_FD_PASSING turns privsep off, does that mean that session_setup_sia() will be run directly by do_child(), which at that point will be effective uid 0? > Note that I haven't been able to try it wi...

http://bugzilla.mindrot.org/show_bug.cgi?id=1113 Summary: Add Interix authentication support Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: other Status: NEW Severity: enhancement Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: tv at

...ixWare 7.x, OpenUNIX 8 *-*-sysv5*) + check_for_libcrypt_later=1 cat >>confdefs.h <<\_ACEOF #define USE_PIPES 1 _ACEOF @@ -6021,6 +6022,14 @@ cat >>confdefs.h <<\_ACEOF #define BROKEN_SETREGID 1 +_ACEOF + + cat >>confdefs.h <<\_ACEOF +#define DISABLE_FD_PASSING 1 +_ACEOF + + cat >>confdefs.h <<\_ACEOF +#define PASSWD_NEEDS_USERNAME 1 _ACEOF ;;

...s/configure.ac,v retrieving revision 1.247 diff -p -u -r1.247 configure.ac --- configure.ac 24 Feb 2005 01:12:35 -0000 1.247 +++ configure.ac 24 Feb 2005 12:59:53 -0000 @@ -158,7 +158,6 @@ case "$host" in AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) Index: openbsd-compat/bsd-misc.c =================================================================== RCS file: /cvs/openssh_cvs/openbsd-compat/bsd-misc.c,v retrieving revision 1.25 diff -p -u -r1.25 bsd-misc.c --- openbs...

...oesn't support AF_UNIX sockets on that system]) - AC_DEFINE([IPPORT_RESERVED], [0], - [Cygwin has no notion of ports only accessible to superusers]) + AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], + [Define if the concept of ports only accessible to + superusers isn't known]) AC_DEFINE([DISABLE_FD_PASSING], [1], [Define if your platform needs to skip post auth file descriptor passing]) diff --git a/defines.h b/defines.h index a438ddd..c099df6 100644 --- a/defines.h +++ b/defines.h @@ -43,6 +43,17 @@ enum #endif /* + * Cygwin doesn't really have a notion of reserved ports but for bac...

http://bugzilla.mindrot.org/show_bug.cgi?id=1343 Summary: Privilege separation does not work on QNX Product: Portable OpenSSH Version: 4.6p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: kraai at

There have been a few recent commits to portable OpenSSH that require testing. It would be appreciated if you could grab the 20031118 (or later) snapshot and give it a try on your platforms of choice. Ideally, "giving it a try" means running the regress tests, in addition to casual (non-production) use and reporting your experiences back to the list. The more platforms and compile-time

...ested on non-solaris platforms (Tim, do you still have Daz's last patch to buildpkg.sh so you could test under SCO or should I just commit it and we can play cvs tag?). Known issues: 1. Tru64 (OSF/1) w/ SIA still is broken under Privsep. (For partial privsep support change config.h /* #undef DISABLE_FD_PASSING */ to #define DISABLE_FD_PASSING 1) If we can't come up with a solution by 3.5 release then I'll just set DISABLE_FD_PASSING for the 3.5 release. The issue is how the SIA sessioning is getting horked. And without someone giving me a tru64 box or access (w/ root) for a few days it is p...

https://bugzilla.mindrot.org/show_bug.cgi?id=2167 Bug ID: 2167 Summary: Connection remains when fork() fails. Product: Portable OpenSSH Version: 5.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Hi, We would like to make one of our periodic releases shortly, so once again we are asking for readers of this list (or anyone else) to download and test a CVS snapshot of OpenSSH on your favourite platforms. The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable snapshots are available the mirrors listed at http://www.openssh.com/portable.html#ftp in the

Hi, We would like to make one of our periodic releases shortly, so once again we are asking for readers of this list (or anyone else) to download and test a CVS snapshot of OpenSSH on your favourite platforms. The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable snapshots are available the mirrors listed at http://www.openssh.com/portable.html#ftp in the

3.8p1 added the following to main() in sshd.c: #ifndef HAVE_CYGWIN /* Clear environment */ environ[0] = NULL; #endif This breaks the getenv("TZ") in session.c and causes logins to occur in GMT time. It also causes any sshd syslog messages to be written in GMT time. I'm on SCO Openserver 5.0.7, but this looks like it should affect all platforms. Am I missing something? I

...================================================= RCS file: /cvs/openssh/configure.ac,v retrieving revision 1.438 diff -u -p -r1.438 configure.ac --- configure.ac 18 Jan 2010 01:05:39 -0000 1.438 +++ configure.ac 22 Jan 2010 09:35:57 -0000 @@ -446,7 +446,7 @@ int main(void) { exit(0); } AC_DEFINE(DISABLE_FD_PASSING, 1, [Define if your platform needs to skip post auth file descriptor passing]) - AC_DEFINE(SSH_IOBUFSZ, 65536, [Windows is sensitive to read buffer size]) + AC_DEFINE(SSH_IOBUFSZ, 65535, [Windows is sensitive to read buffer size]) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN, 1, -- Cor...

...ty: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: vinschen at redhat.com When a successful pubkey authentication took place, two "Accepted publickey" entries occur in syslog. This happens on all systems having DISABLE_FD_PASSING set, or for root logins, if privilege separation is enabled. The cause is apparently that monitor as well as slave write a syslog entry. One of these entries should be suppressed. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assi...

...OF + + cat >>confdefs.h <<\EOF #define DISABLE_LOGIN 1 EOF diff -urN openssh-3.7p1-dist/configure.ac openssh-3.7p1/configure.ac --- openssh-3.7p1-dist/configure.ac Tue Sep 16 00:48:15 2003 +++ openssh-3.7p1/configure.ac Tue Sep 16 14:03:51 2003 @@ -395,6 +395,9 @@ fi AC_DEFINE(DISABLE_FD_PASSING) AC_DEFINE(BROKEN_GETADDRINFO) + AC_DEFINE(SETEUID_BREAKS_SETUID) + AC_DEFINE(BROKEN_SETREUID) + AC_DEFINE(BROKEN_SETREGID) AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin") ;;

...rac p24 ttyp24 16191 Wed Sep 3 09:21 1d 23:04 ?? Here's the patch: --8<-- cut here --8<-- *** configure.orig 2003-03-26 00:12:34.000000000 -0500 --- configure 2003-07-18 17:26:00.000000000 -0400 *************** *** 4588,4593 **** --- 4588,4597 ---- #define DISABLE_FD_PASSING 1 _ACEOF + cat >>confdefs.h <<\_ACEOF + #define WITH_ABBREV_NO_TTY 1 + _ACEOF + for ac_func in getluid setluid --8<-- cut here --8<-- -- Roger Cornelius rac at tenzing.org

Hi, I'm attempting to get openssh-3.4p1 up and running on our DEC/Compaq Alpa workstations. They are running Tru64 Unix 5.1A. I compile the package myself. Openssh-3.1 worked perfectly, with the default sshd_config file. Openssh-3.4p1 works, if I set UsePrivilegeSeparation to "no" in the sshd_config file. NOTE: I have a secondary issue with the ListenAddress default setting

Hi, when trying to optimize socket transfer rates under Cygwin, it turned out that the underlying WinSock implementation is surprisingly sensitive to buffer sizes. The latest Cygwin from CVS is now setting the socket receive/send buffers (SO_RCVBUF/SO_SNDBUF) to 64K, rather than keeping them at their default values of 8K which thwarts data transfers a lot. While testing I still had the problem