search for: original_uid

I'm using OpenSSH 2.3.0p1. When my users use ssh for the first time, using rhosts authentication, entropy.c drops the privs in prng_write_seedfile() at the setuid(original_uid) line (line 550, approx): void prng_write_seedfile(void) { int fd; char seed[1024]; char filename[1024]; struct passwd *pw; /* Don't bother if we have already saved a seed */ if (prng_seed_saved) return; setuid(original_uid); /* ^^^^^^^^^^^^^^^^^^^^ ***HERE*** */ prng_se...

...ision 2.9.9.2.0.1 diff -pu -r2.9 -r2.9.9.2.0.1 --- entropy.c 2001/08/06 06:51:49 2.9 +++ entropy.c 2001/09/28 18:37:50 2.9.9.2.0.1 @@ -596,8 +596,8 @@ prng_check_seedfile(char *filename) { /* mode 0600, owned by root or the current user? */ if (((st.st_mode & 0177) != 0) || !(st.st_uid == original_uid)) { - debug("WARNING: PRNG seedfile %.100s must be mode 0600, owned by uid %d", - filename, getuid()); + debug("WARNING: PRNG seedfile %.100s must be mode 0600, owned by uid %ld", + filename, (long)getuid()); return(0); } @@ -621,8 +621,8 @@ prng_write_seedfile(vo...

The next OpenSSH release is close, too. If you want OpenSSH 3.2 to be the best version of OpenSSH, then please test the snapshots. If you like to see new features in future OpenSSH releases, then test the snapshots. If you are running OpenBSD then please test the OpenBSD snapshots. If you are running the portable OpenSSH release then please test the nightly snapshots from

In line 542 of entropy.c is the owner of the PRNG seedfile checked. Root is also a valid owner of this file. So the line must be: if (((st.st_mode & 0177) != 0) || !( (st.st_uid == original_uid) || (st.st_uid == 0) ) ) Regards, Martin --- Martin Luig email: email at Martin-Luig.de

...rng(void) { mysig_t old_sigchld_handler; --- 807,813 ---- * syscalls and program output */ void ! prng_seed_rng(void) { mysig_t old_sigchld_handler; *************** *** 860,871 **** } void ! init_rng(void) { int original_euid; - check_openssl_version(); - original_uid = getuid(); original_euid = geteuid(); --- 833,842 ---- } void ! prng_init_rng(void) { int original_euid; original_uid = getuid(); original_euid = geteuid(); *************** *** 912,915 **** prng_initialised = 1; } ! #endif /* defined(USE_PRNGD) || defined(RAND...

...tus: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: gert at greenie.muc.de Portability fixes needed for SCO Unix 3.2v4.0 (SCO OSR 3.0). entropy.c needs seteuid(getuid()) for the setuid(original_uid) to succeed. This is per the man page for setuid(), though I won't claim to understand the reasoning. sftp-server.c uses truncate(), which does not exist on SCO. Only ftruncate() exists (-Dftruncate=chsize). I'll try to attach patches. ------- You are receiving this mail because: ---...

...0000823.orig/entropy.c Sat Jul 15 06:59:15 2000 +++ openssh-SNAP-20000823.new/entropy.c Fri Aug 25 14:44:52 2000 @@ -67,6 +67,8 @@ # define RUSAGE_CHILDREN 0 #endif +char *ssh_prng_command_file = NULL; + #if defined(EGD_SOCKET) || defined(RANDOM_POOL) #ifdef EGD_SOCKET @@ -810,7 +812,7 @@ original_uid = getuid(); /* Read in collection commands */ - if (!prng_read_commands(SSH_PRNG_COMMAND_FILE)) + if (!prng_read_commands(ssh_prng_command_file)) fatal("PRNG initialisation failed -- exiting."); /* Set ourselves up to save a seed upon exit */ diff -ur openssh-SNAP-20000823.orig...

http://bugzilla.mindrot.org/show_bug.cgi?id=146 ------- Additional Comments From mouring at eviladmin.org 2002-03-08 07:38 ------- I just went through someone with this problem. And HAVE_BOGUS_SYS_QUEUE_H worked for them. However you must have BOTH HAVE_SYS_QUEUE_H and HAVE_BOGUS_SYS_QUEUE_H set. As for INADDR_LOOPBACK. I'd like to know where on BSD/OS that is defined so we can