Displaying 8 results from an estimated 8 matches for "original_uid".
2001 Jan 16
1
ssh drops privs when it can't find ~/.ssh/prng_seed
I'm using OpenSSH 2.3.0p1. When my users use ssh for the first
time, using rhosts authentication, entropy.c drops the privs in
prng_write_seedfile() at the setuid(original_uid) line (line 550,
approx):
void
prng_write_seedfile(void) {
    int fd;
    char seed[1024];
    char filename[1024];
    struct passwd *pw;

    /* Don't bother if we have already saved a seed */
    if (prng_seed_saved)
        return;

    setuid(original_uid);
    /* ^^^^^^^^^^^^^^^^^^^^ ***HERE*** */
prng_se...
2001 Sep 28
1
openssh-2.9.9p2 assumes pid_t, uid_t, etc. are not 'long'
...ision 2.9.9.2.0.1
diff -pu -r2.9 -r2.9.9.2.0.1
--- entropy.c 2001/08/06 06:51:49 2.9
+++ entropy.c 2001/09/28 18:37:50 2.9.9.2.0.1
@@ -596,8 +596,8 @@ prng_check_seedfile(char *filename) {
/* mode 0600, owned by root or the current user? */
if (((st.st_mode & 0177) != 0) || !(st.st_uid == original_uid)) {
- debug("WARNING: PRNG seedfile %.100s must be mode 0600, owned by uid %d",
- filename, getuid());
+ debug("WARNING: PRNG seedfile %.100s must be mode 0600, owned by uid %ld",
+ filename, (long)getuid());
return(0);
}
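Review bot: in the debug() call, the test above compares st.st_uid with original_uid but the message prints getuid(); printing (long)original_uid would report the uid the check actually used. The cast fixes the width mismatch, but uid_t is unsigned on many systems, so %lu with an (unsigned long) cast avoids showing a large uid as a negative number.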
@@ -621,8 +621,8 @@ prng_write_seedfile(vo...
2002 Apr 05
14
PLEASE TEST snapshots
The next OpenSSH release is close, too.
If you want OpenSSH 3.2 to be the best version of OpenSSH,
then please test the snapshots.
If you would like to see new features in future OpenSSH releases,
then test the snapshots.
If you are running OpenBSD then please test the OpenBSD
snapshots.
If you are running the portable OpenSSH release then please
test the nightly snapshots from
2000 Oct 11
1
Bug in OpenSSH 2.2.0p1
In line 542 of entropy.c the owner of the PRNG seedfile is checked. Root is
also a valid owner of this file.
So the line must be:
if (((st.st_mode & 0177) != 0) || !( (st.st_uid == original_uid) || (st.st_uid == 0) ) )
Regards,
Martin
---
Martin Luig
email: email at Martin-Luig.de
2001 Jun 07
2
Patch to enable multiple possible sources of entropy
...rng(void)
{
mysig_t old_sigchld_handler;
--- 807,813 ----
* syscalls and program output
*/
void
! prng_seed_rng(void)
{
mysig_t old_sigchld_handler;
***************
*** 860,871 ****
}
void
! init_rng(void)
{
int original_euid;
- check_openssl_version();
-
original_uid = getuid();
original_euid = geteuid();
--- 833,842 ----
}
void
! prng_init_rng(void)
{
int original_euid;
original_uid = getuid();
original_euid = geteuid();
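Review bot: the renamed prng_init_rng() no longer calls check_openssl_version(), and nothing in the visible hunks shows where that call moved; please confirm it still runs before the PRNG is seeded, or keep it here. Separately, original_euid holds the result of geteuid() and would be better declared as uid_t than int.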
***************
*** 912,915 ****
prng_initialised = 1;
}
! #endif /* defined(USE_PRNGD) || defined(RAND...
2002 Apr 07
0
[Bug 208] New: SCO build/runtime fixes
...tus: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: gert at greenie.muc.de
Portability fixes needed for SCO Unix 3.2v4.0 (SCO OSR 3.0).
entropy.c needs seteuid(getuid()) for the setuid(original_uid) to
succeed. This is per the man page for setuid(), though I won't claim to
understand the reasoning.
sftp-server.c uses truncate(), which does not exist on SCO. Only ftruncate()
exists (-Dftruncate=chsize). I'll try to attach patches.
2000 Aug 25
1
[patch] configurable ssh_prng_cmds
...0000823.orig/entropy.c Sat Jul 15 06:59:15 2000
+++ openssh-SNAP-20000823.new/entropy.c Fri Aug 25 14:44:52 2000
@@ -67,6 +67,8 @@
# define RUSAGE_CHILDREN 0
#endif
+char *ssh_prng_command_file = NULL;
+
#if defined(EGD_SOCKET) || defined(RANDOM_POOL)
#ifdef EGD_SOCKET
@@ -810,7 +812,7 @@
original_uid = getuid();
/* Read in collection commands */
- if (!prng_read_commands(SSH_PRNG_COMMAND_FILE))
+ if (!prng_read_commands(ssh_prng_command_file))
fatal("PRNG initialisation failed -- exiting.");
/* Set ourselves up to save a seed upon exit */
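Review bot: ssh_prng_command_file is initialised to NULL in the first hunk and passed straight to prng_read_commands() here, with no visible fallback to SSH_PRNG_COMMAND_FILE, so unless every caller sets it first this call gets a NULL path. Suggest defaulting the pointer to SSH_PRNG_COMMAND_FILE, and documenting who is allowed to set it, since the file names the commands that are run to collect entropy.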
diff -ur openssh-SNAP-20000823.orig...
2002 Mar 07
11
[Bug 146] OpenSSH 3.1p1 will not build on BSD/OS 4.2/4.1/4.01
http://bugzilla.mindrot.org/show_bug.cgi?id=146
------- Additional Comments From mouring at eviladmin.org 2002-03-08 07:38 -------
I just went through someone with this problem. And HAVE_BOGUS_SYS_QUEUE_H
worked for them. However you must have BOTH HAVE_SYS_QUEUE_H and
HAVE_BOGUS_SYS_QUEUE_H set.
As for INADDR_LOOPBACK, I'd like to know where on BSD/OS that is defined
so we can