search for: no_ipport_reserved_concept

Hi, I've sent that patch once already but it seems more or less forgotten in the tumultuous days of the latest vulnerability. It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined on platforms not supporting the concept of "privileged" ports only accessible by privileged users but which allow everyone to use these ports. This patch removes some Cygwin dependencies from the code. Otherwise, if this patch isn't applied, we definitely need a...

...etpair()]) AC_DEFINE(DISABLE_SHADOW, 1, [Define if you want to disable shadow passwords]) - AC_DEFINE(IP_TOS_IS_BROKEN, 1, - [Define if your system choked on IP TOS setting]) AC_DEFINE(NO_X11_UNIX_SOCKETS, 1, [Define if X11 doesn't support AF_UNIX sockets on that system]) AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT, 1, -- Corinna Vinschen Cygwin Project Co-Leader Red Hat

...te', please let me know! --- serverloop.c.original 2009-10-21 10:45:13.000000000 +0300 +++ serverloop.c 2009-10-21 10:53:09.000000000 +0300 @@ -1119,9 +1119,9 @@ if (!options.allow_tcp_forwarding || no_port_forwarding_flag || (!want_reply && listen_port == 0) #ifndef NO_IPPORT_RESERVED_CONCEPT - || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) + || (listen_port !=0 && listen_port < IPPORT_RESERVED && pw->pw_uid != 0) #endif ) { success = 0; packet_send_debug("Server has disabled port forwarding."); -- Ari Hyt...

...============== RCS file: /cvs/openssh_cvs/configure.ac,v retrieving revision 1.247 diff -p -u -r1.247 configure.ac --- configure.ac 24 Feb 2005 01:12:35 -0000 1.247 +++ configure.ac 24 Feb 2005 12:59:53 -0000 @@ -158,7 +158,6 @@ case "$host" in AC_DEFINE(NO_X11_UNIX_SOCKETS) AC_DEFINE(NO_IPPORT_RESERVED_CONCEPT) AC_DEFINE(DISABLE_FD_PASSING) - AC_DEFINE(SETGROUPS_NOOP) ;; *-*-dgux*) AC_DEFINE(IP_TOS_IS_BROKEN) Index: openbsd-compat/bsd-misc.c =================================================================== RCS file: /cvs/openssh_cvs/openbsd-compat/bsd-misc.c,v retrieving revision 1.25 diff -p -u...

..."$host" in [Define if you want to disable shadow passwords]) AC_DEFINE([NO_X11_UNIX_SOCKETS], [1], [Define if X11 doesn't support AF_UNIX sockets on that system]) - AC_DEFINE([IPPORT_RESERVED], [0], - [Cygwin has no notion of ports only accessible to superusers]) + AC_DEFINE([NO_IPPORT_RESERVED_CONCEPT], [1], + [Define if the concept of ports only accessible to + superusers isn't known]) AC_DEFINE([DISABLE_FD_PASSING], [1], [Define if your platform needs to skip post auth file descriptor passing]) diff --git a/defines.h b/defines.h index a438ddd..c099df6 100644 --- a/defines.h +++ b...

Hi, OpenSSH 5.3 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

Can I have people test the cvs tree or the next snapshots. I believe NeXT is still broken (I will try to compile it tonight). getopts patch will be applied, but I can't find the email address of who sent to me (can you email me off list, thanks). - Ben

I am enclosing a context diff of the changes that I made to get openssh working on UWIN. UWIN is a UNIX operating system layer that runs on Win32 systems. For more information on UWIN go to http://www.research.att.com/sw/tools/uwin/. I also ran configure using -with-cppflags=-D_BSDCOMP=2. I don't know where that information would go with the source code. Let me know if you need more

On Thu, May 04, 2017 at 09:37:59AM +1000, Adam Eijdenberg wrote: > Hi Devin, have you looked at using openssh certificates to help manage [...] > While the feature has been around for a while now (and is really > useful), there doesn't seem to be huge amount of documentation around > it. I found the following useful when getting a client of my running Yeah, when I wrote about it

...PATH "/usr/bin:/bin:/usr/sbin:/sbin:/users/eckmann/export/ssh/bin" #define _PATH_SSH_PIDDIR "/var/run" /* #undef BROKEN_GETADDRINFO */ /* #undef BROKEN_UPDWTMPX */ #define DONT_TRY_OTHER_AF 1 #define IPV4_IN_IPV6 1 /* #undef BSD_AUTH */ /* #undef NO_X11_UNIX_SOCKETS */ /* #undef NO_IPPORT_RESERVED_CONCEPT */ /* #undef BROKEN_SAVED_UIDS */ #define GLOB_HAS_ALTDIRFUNC 1 /* #undef GLOB_HAS_GL_MATCHC */ /* #undef BROKEN_ONE_BYTE_DIRENT_D_NAME */ /* #undef HAVE_ETC_DEFAULT_LOGIN */ /* #undef HAVE_GETOPT_OPTRESET */ /* #undef MISSING_NFDBITS */ /* #undef MISSING_HOWMANY */ /* #undef MISSING_FD_MASK */ /*...

...5 12:53:24.203841440 -0700 @@ -203,8 +203,8 @@ */ void -add_local_forward(Options *options, u_short port, const char *host, - u_short host_port) +add_local_forward(Options *options, const char *listen_host, u_short port, + const char *host, u_short host_port) { Forward *fwd; #ifndef NO_IPPORT_RESERVED_CONCEPT @@ -215,6 +215,7 @@ if (options->num_local_forwards >= SSH_MAX_FORWARDS_PER_DIRECTION) fatal("Too many local forwards (max %d).", SSH_MAX_FORWARDS_PER_DIRECTION); fwd = &options->local_forwards[options->num_local_forwards++]; + fwd->listen_host = listen_host == N...

...HAVE_VA_COPY 1 #define HAVE_VHANGUP 1 #define HAVE_VSNPRINTF 1 #define HAVE_WAITPID 1 #define HAVE___FUNCTION__ 1 #define HAVE___PROGNAME 1 #define HAVE___VA_COPY 1 #define HAVE___func__ 1 #define IP_TOS_IS_BROKEN 1 #define LIBWRAP 1 #define LOGIN_PROGRAM_FALLBACK "/usr/bin/login" #define NO_IPPORT_RESERVED_CONCEPT 1 #define NO_X11_UNIX_SOCKETS 1 #define OPENSSL_PRNG_ONLY 1 #define PACKAGE_BUGREPORT "openssh-unix-dev at mindrot.org" #define PACKAGE_NAME "OpenSSH" #define PACKAGE_STRING "OpenSSH Portable" #define PACKAGE_TARNAME "openssh" #define PACKAGE_VERSION "Po...

...g("server_input_global_request: tcpip-forward listen %s port %d", - listen_address, listen_port); /* check permissions */ - if (!options.allow_tcp_forwarding || - no_port_forwarding_flag + if (!options.permit_tcp_listen || + auth_restricted(RESTRICT_TCP, pw) #ifndef NO_IPPORT_RESERVED_CONCEPT || (listen_port < IPPORT_RESERVED && pw->pw_uid != 0) #endif @@ -987,6 +986,8 @@ packet_send_debug("Server has disabled port forwarding."); } else { /* Start listening on the port */ + log("TCP forwarding listening on %s port %d", + liste...

Hi, OpenSSH 6.7 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release containing a number of features, a lot of internal refactoring and some potentially-incompatible changes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in