search for: privsep_postauth

...t.cgi?id=2368&action=edit A patch which seems to solve this problem. I got "sshd[$pid]: fatal: fork of unprivileged child failed" in /var/log/secure but the connection with ssh client remained. I examined the cause and found that this problem happens when fork() in privsep_preauth()/privsep_postauth() fails. You can easily reproduce this problem by replacing fork() in privsep_preauth()/privsep_postauth() with -1. I don't know what is the right fix, but at least forcibly closing all sockets before exit() seems to solve this problem. I'm using RHEL 6.4's openssh-5.3p1-84.1.el6.src....

...o specify arbitrarily high limits for users listed. The problem appears to be that do_pam_session is being called after we drop to the user's uid. Without privsep turned on, this all work, as we drop to the user's uid after do_pam_session. Specifically: with privsep on, do_setusercontext in privsep_postauth (sshd.c) is called before do_pam_session in do_exec_pty (session.c). Without privsep, we only drop root privs in do_child (session.c), which is after we do_exec_pty, since (obviously) the former code/call to do_setusercontext is unreached. A possible (does appear to work, though not properly tested...

...auth module of pam_krb5 is never called by ssh, so it never has a chance to set KRB5CCNAME. sshd eventually exports the KRB5CCNAME variable into the PAM environment, but it doesn?t happen until the ssh_gssapi_krb5_storecred function, which occurs after the call to do_pam_session is made during the privsep_postauth process. Here an outline of the code in the main function of sshd.c that outlines the problem: authenticated: /* * In privilege separation, we fork another child and prepare * file descriptor passing. */ if (use_privsep) { /***** eventually calls do_pam_session *******/...

Hello, I'm trying to implement setting of user limits (ulimit) in sshd. I'm not using PAM so I need it in the sshd itself. The task is very simple - just to put one line calling setup_limits(pw); and link with -lshadow. But the problem is, where to put this line. I did it in session.c, in do_child(), like this: #ifdef HAVE_OSF_SIA session_setup_sia(pw, s->ttyfd == -1 ? NULL

http://bugzilla.mindrot.org/show_bug.cgi?id=585 ------- Additional Comments From dtucker at zip.com.au 2003-07-07 00:32 ------- dmalloc (http://dmalloc.com/) claims to work on IRIX. It's likely to increase the CPU and memory load, though. I've built with dmalloc on Linux thusly: LDFLAGS=-ldmalloc ./configure && make eval `dmalloc -l /path/to/log high` ./sshd [options]

...bug for me, but I'd like to ask if someone has the same problem. We are using OpenSSH 4.3p2 from Debian 4.0 (stable), but the same problem is with original OpenSSH 4.3p2. When root logins with his kerberos ticket and then logout, his ticket remains on the machine. I found in source (sshd.c) in privsep_postauth function, that if root logins then use_privsep is set to 0 and call of function do_setusercontext is skipped. But the function do_setusercontext calls ssh_gssapi_storecreds where structure client->store.filename is filled with the filename of kerberos ticket. So then if ssh_gssapi_cleanup_creds...

http://bugzilla.mindrot.org/show_bug.cgi?id=1011 Summary: Multiple log entries for successful pubkey authentication Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at

...eturn (1); } else { /* child */ - close(pmonitor->m_sendfd); + close(pmonitor->m_log_recvfd); + + /* Arrange for logging to be sent to the monitor */ + set_log_handler(mm_log_handler, pmonitor); /* Demote the child */ if (getuid() == 0 || geteuid() == 0) @@ -685,7 +686,6 @@ privsep_postauth(Authctxt *authctxt) fatal("fork of unprivileged child failed"); else if (pmonitor->m_pid != 0) { verbose("User child is on pid %ld", (long)pmonitor->m_pid); - close(pmonitor->m_recvfd); buffer_clear(&loginmsg); monitor_child_postauth(pmonitor); @@ -...

...cc] 9 monitor_read(pmonitor = 0x10152650, ent = 0x10137750, pent = (nil)) ["/usr/local/src/security/openssh-3.6.1p1/monitor.c":371, 0x10040ef4] 10 monitor_child_postauth(pmonitor = 0x10152650) ["/usr/local/src/security/openssh-3.6.1p1/monitor.c":334, 0x10040d4c] 11 privsep_postauth(authctxt = 0x10151560) ["/usr/local/src/security/openssh-3.6.1p1/sshd.c":665, 0x10025f18] 12 main(ac = 1, av = 0x7fff2fa4) ["/usr/local/src/security/openssh-3.6.1p1/sshd.c":1533, 0x10028a28] 13 __start() ["/xlv55/kudzu-apr12/work/irix/lib/libc/libc_n32_M4/csu/crt...

...rally in chroot). How does it work? We are trying to solve this problem on two fronts: - In do_child, we check if the /dev/log is available in the chroot and if not, we "leak the FD" to the internal-sftp process. We also postpone the closefrom() call after the internal-sftp call. - In privsep_postauth(), we have the same check (it could be probably written more nicely) which takes care of setting up log FDs going through the monitor. The idea is that this change should not modify behavior of the existing setup in case the /dev/log is available in chroot. Originally posted in on the mailing li...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

...exit. */ fatal("Timeout before authentication for %s", get_remote_ipaddr()); } @@ -536,6 +539,7 @@ demote_sensitive_data(void) /* We do not clear ssh1_host key and cookie. XXX - Okay Niels? */ } +#ifdef USE_PRIVSEP static void privsep_preauth_child(void) { @@ -678,6 +682,7 @@ privsep_postauth(Authctxt *authctxt) */ packet_set_authenticated(); } +#endif /* USE_PRIVSEP */ static char * list_hostkey_types(void) @@ -1691,10 +1696,11 @@ main(int ac, char **av) /* prepare buffer to collect messages to display to user after login */ buffer_init(&loginmsg); +#ifdef USE_PRIVS...

http://bugzilla.mindrot.org/show_bug.cgi?id=585 Summary: sshd core dumping on IRIX 6.5.18 with VerifyReverseMapping enabled Product: Portable OpenSSH Version: -current Platform: MIPS OS/Version: IRIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo:

...>m_pid = pid; if (box != NULL) ssh_sandbox_parent_preauth(box, pid); monitor_child_preauth(authctxt, pmonitor); + if (auth_conn) { + ssh_close_authentication_connection(auth_conn); + auth_conn = NULL; + } + /* Sync memory */ monitor_sync(pmonitor); @@ -704,10 +716,11 @@ privsep_postauth(Authctxt *authctxt) u_int32_t rnd[256]; #ifdef DISABLE_FD_PASSING - if (1) { + if (1) #else - if (authctxt->pw->pw_uid == 0 || options.use_login) { + if (authctxt->pw->pw_uid == 0 || options.use_login) #endif + { /* File descriptor passing is broken or root login */ use_pri...