search for: pwnam

...led depending on the task at hand. What I am wondering is why it was chosen to implement privilege separation in this fashion, particularly the security implications of this design. Also, I would like to know if security would be weakened by allowing a slightly larger subset of operations (namely, PWNAM) to be executed at any time. Thank you in advance for your help, and please respond to my email address (eanderle at umich.edu) and CC all addresses CC'd here. Eric

...leaving from buffer_get in buffer_free ?before key_load_private_pem ?returning from key_load_private ?after key_load_private private host key: #1 type 2 DSA ?before setting protcol version options.protocol=4 ...sensitive_data.have_ssh1_key=0? sensitive_data.have_ssh2_key=1 use_privsep=1 ?before get pwnam ?after get pwnam ?before set groups ?before daemon starts ?after daemon starts before arc4random_stir before chdir ?before signal ?after signal ?in else condition AF_INET=2, AF_INET6=10 listen_sock=0ai->ai_family=2,ai->ai_socktype=2,ai->ai_protocol=6 listen_sock=5 Bind to port ssh on 0.0.....

Hello! Before this post, i'm send 3 problems in 3.0.11 I'm compiled 3.0.12rc1 and found next: 1) Settings primary group .... problem solved, but question to developer You append to mapping.c in smb_set_primary_group ret = smbrun(add_script,NULL); flush_pwnam_cache(); ^^^^^^^^^^^^^^^^^^^^ But not check ret code .....if my script exit in code != 0, i'm change primary group ... ( script "set primary group" still needed ? ) 2) Next in this code is winbind, but debug message string have code DEBUG(3,("smb_delete_group: You use c...

...leaving from buffer_get in buffer_free before key_load_private_pem returning from key_load_private after key_load_private private host key: #1 type 2 DSA before setting protcol version options.protocol=4 ...sensitive_data.have_ssh1_key=0 sensitive_data.have_ssh2_key=1 use_privsep=1 before get pwnam after get pwnam before set groups before daemon starts after daemon starts before arc4random_stir before chdir before signal after signal in else condition AF_INET=2, AF_INET6=10 listen_sock=0ai->ai_family=2,ai->ai_socktype=2,ai->ai_protocol=6 listen_sock=5 Bind to port ssh on 0.0.0...

...und causing damage for several years. And technically openssh is responsible for this bug breaking a ton of stuff for no particularly good reason. So... I've seen probably 20 or so proposed patches to address the issue here. Can we just select one? Or allow people to selectively remove the pwnam check in sshd_config? This is very annoying. And the reality is working around this or patching ssh willy nilly is not an acceptable way for engineering infrastructure. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching the reporter of the bug.

....org/mailman/listinfo/samba>, <mailto:samba-request@lists.samba.org?subject=unsubscribe> List-Archive: http://lists.samba.org/pipermail/samba/ On Sat, 19 May 2001, Andrew Bartlett wrote: Thanks for the response. > This could work given: > > You are using ldap in nsswitch, ie getpwnam() works. > You are using plain-text passwords. > (Encrypted password would require the /etc/smbpasswd file, or the > not-yet-compleate LDAP support). Unfortunately I have to deal with encrypted passwords - guess I'll have to wait for LDAP support for this type of solution. > Anoth...