search for: getpeerucred

http://bugzilla.mindrot.org/show_bug.cgi?id=1287 Summary: Use getpeerucred on Solaris Product: Portable OpenSSH Version: v4.5p1 Platform: All URL: http://marc.theaimsgroup.com/?l=openssh-unix- dev&m=115919880516907&w=2 OS/Version: Solaris Status: NEW Severity: normal...

hi, Solaris doesn't have getpeereid() or SO_PEERCRED. However, getpeerucred() is perfectly usable for that; and it's in Solaris 10 and OpenSolaris. So, ssh-agent(1) security there so far depends only on permissions of the socket directory and with this patch it checks peer's credentials, too. I patched following files using a snapshot from 20060921: openssh/con...

http://bugzilla.mindrot.org/show_bug.cgi?id=1287 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED Resolution| |FIXED ------- Comment #1 from dtucker at zip.com.au 2007-03-21 21:40

http://bugzilla.mindrot.org/show_bug.cgi?id=1287 bugzilla-openssh at thewrittenword.com changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|FIXED | ------- Comment #2 from bugzilla-openssh at

...bvirtError(''virConnectOpenReadOnly() failed'') libvirt.libvirtError: server closed connection remote$ telnet xvm0 16509 9010/1: pollsys(0x00450570, 6, 0x00000000, 0x00000000) = 1 9010/1: accept(10, 0x7FFFFFDFE8A0, 0x7FFFFFDFE888, SOV_DEFAULT) = 11 9010/1: getpeerucred(11, 0x00450290) Err#22 EINVAL 9010/1: close(11) = 0 xvm0# telnet xvm0 16509 9069/1: pollsys(0x00450570, 6, 0x00000000, 0x00000000) = 1 9069/1: accept(10, 0x7FFFFFDFE8A0, 0x7FFFFFDFE888, SOV_DEFAULT) = 11 9069/1: getpeerucred(11,...

...ntext.c:432: warning: implicit declaration of function `ENGINE_cleanup' ... 2) Dovecot's LDA does not work After stopping the the old dovecot, and starting dovecot 2.1.3 using tghe exact same config file, local mail delivery tempfails: Mar 23 02:51:51 server dovecot: auth: Error: getpeerucred() failed: Bad address Mar 23 02:51:51 server dovecot: auth: Error: userdb connection: Failed to get peer's credentials Mar 23 02:51:51 server dovecot: lda: Error: userdb lookup(j.tam): Disconnected unexpectedly Mar 23 02:51:51 server dovecot: lda: Fatal: Internal error occurred. Refer to...

...first one seems to always be for the client itself (even with public key auth disabled), and then subsequent connections are made 1:1 with remote client connections that are being forwarded. My agent implementation already knows how to look up the PID of the connected process (via SO_PEERCRED, getpeerucred, etc) and find its executable name and basic info (via procfs, kvm_getprocs etc) on the handful of OS that I care about, so this is what I'm thinking of doing: 1. Track connections per process by pid + process start time (so if the PID is re-used, the start time should be different and we...

...==================================== RCS file: /var/cvs/openssh/configure.ac,v retrieving revision 1.503 diff -u -p -r1.503 configure.ac --- configure.ac 10 Feb 2013 23:39:13 -0000 1.503 +++ configure.ac 15 Feb 2013 00:26:37 -0000 @@ -1550,6 +1550,8 @@ AC_CHECK_FUNCS([ \ getopt \ getpeereid \ getpeerucred \ + getpgid \ + getpgrp \ _getpty \ getrlimit \ getttyent \ Index: openbsd-compat/bsd-misc.c =================================================================== RCS file: /var/cvs/openssh/openbsd-compat/bsd-misc.c,v retrieving revision 1.36 diff -u -p -r1.36 bsd-misc.c --- openbsd-compat/bsd-...

...nts. (bz #1262) - Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error. (bz #1286) * Portable OpenSSH bugs fixed: - Fix multiple inclusion of paths.h on AIX 5.1 systems. (bz #1243) - Implement getpeereid for Solaris using getpeerucred. Solaris systems will now refuse ssh-agent(1) and ssh(1) ControlMaster clients from different, non-root users (bz #1287) - Fix compilation warnings by including string.h if found. (bz #1294) - Remove redefinition of _res in getrrsetbyname.c for platforms that already define it....

...nts. (bz #1262) - Prevent sftp-server(8) from reading until it runs out of buffer space, whereupon it would exit with a fatal error. (bz #1286) * Portable OpenSSH bugs fixed: - Fix multiple inclusion of paths.h on AIX 5.1 systems. (bz #1243) - Implement getpeereid for Solaris using getpeerucred. Solaris systems will now refuse ssh-agent(1) and ssh(1) ControlMaster clients from different, non-root users (bz #1287) - Fix compilation warnings by including string.h if found. (bz #1294) - Remove redefinition of _res in getrrsetbyname.c for platforms that already define it....

I am sponsoring this fasttrack for John Levon. It is set to expire on 3/14/2007. Note that this is an externally visible case. liane --- SMF services for Xen 1. Introduction This case introduces the SMF services used by a Solaris-based domain 0 when running on Xen, or a Xen-compatible hypervisor. All of these services only run on domain 0 when booted under Xen virtualisation.

...+for sshd: -lpam PAM is enabled. You may need to install a PAM control file for sshd, otherwise password authentication may fail. Example PAM control files can be found in the contrib/ subdirectory WARNING: the operating system that you are using does not appear to support getpeereid(), getpeerucred() or the SO_PEERCRED getsockopt() option. These facilities are used to enforce security checks to prevent unauthorised connections to ssh-agent. Their absence increases the risk that a malicious user can connect to your agent. ------------------------------------------------------------------------...

...error when copying to FIFO file #1261: Timed out command through ControlMaster yields 0 return value. #1286: SFTP keeps reading input until it runs out of buffer space #1243: Multiple including of paths.h on AIX 5.1 systems. #1262: ssh disconnect message from master control is confusing #1287: Use getpeerucred on Solaris #1294: includes.h should pull in string.h based on HAVE_STRING_H #1299: Remove redefinition of _res in getrrsetbyname.c #1306: Spurious : "chan_read_failed for istate 3" errors from sshd #1325: SELinux support broken when SELinux is in permissive mode #1339: pam_dhkeys doesn...

...r fchown... yes checking for freeaddrinfo... yes checking for fstatvfs... yes checking for futimes... no checking for getaddrinfo... yes checking for getcwd... yes checking for getgrouplist... yes checking for getnameinfo... yes checking for getopt... yes checking for getpeereid... yes checking for getpeerucred... no checking for _getpty... no checking for getrlimit... yes checking for getttyent... no checking for glob... yes checking for group_from_gid... no checking for inet_aton... yes checking for inet_ntoa... yes checking for inet_ntop... yes checking for innetgr... no checking for login_getcapbool.....