search for: sanitise_stdfd

...+++++++--- 1 files changed, 17 insertions(+), 3 deletions(-) diff --git a/ssh.c b/ssh.c index d32ef78..8ebcc88 100644 --- a/ssh.c +++ b/ssh.c @@ -230,12 +230,25 @@ main(int ac, char **av) struct servent *sp; Forward fwd; - /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ - sanitise_stdfd(); - __progname = ssh_get_progname(av[0]); init_rng(); +#ifndef HAVE_SETPROCTITLE + /* Prepare for later setproctitle emulation */ + { + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ + char **saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); + for (i = 0; i &...

OpenSSL 1.1.0 has deprecated this function. --- configure.ac | 1 + openbsd-compat/openssl-compat.c | 2 ++ openbsd-compat/openssl-compat.h | 4 ++++ 3 files changed, 7 insertions(+) diff --git a/configure.ac b/configure.ac index 3f7fe2cd..db2aade8 100644 --- a/configure.ac +++ b/configure.ac @@ -2710,6 +2710,7 @@ if test "x$openssl" = "xyes" ; then ])

https://bugzilla.mindrot.org/show_bug.cgi?id=1883 Summary: use setproctitle for persistent mux master Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy:

..._inset; #define CMDNEEDS 64 char cmd[CMDNEEDS]; /* must hold "rcp -r -p -d\0" */ @@ -324,6 +325,9 @@ main(int argc, char **argv) extern char *optarg; extern int optind; + fd_inset = 0; + fd_offset = 0; + /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -344,7 +348,7 @@ main(int argc, char **argv) addargs(&args, "-oClearAllForwardings yes"); fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:A:Z:"))...

On Mon, 17 Aug 2015, Todd C. Miller wrote: > I like the idea but tilde_expand_filename() calls fatal() if it > cannot resolve ~foo. This is not terrible when using -L and -R on > the normal command line but it seems pretty harsh to exit when -L > or -R are used via the ~C escape or the streamlocal-forward at openssh.com > request. > Message-Id: <aea6cdc1d1b42d07 at

...log_init() then prints a less useful message to stderr and exits. The following patch tidies this up by only printing the more useful error to stderr and not blundering on afterwards. --- sftp-server.c.orig Mon Jun 18 16:37:46 2007 +++ sftp-server.c Mon Jun 18 16:39:14 2007 @@ -1220,7 +1220,8 @@ sanitise_stdfd(); __progname = ssh_get_progname(argv[0]); - log_init(__progname, log_level, log_facility, log_stderr); + /* Send any argument errors to stderr */ + log_init(__progname, log_level, log_facility, 1); while (!skipargs && (ch = getopt(argc, argv, "C:f:l:che")) != -1) { switc...

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

Hi, I fell on this using openssh on cygwin. Though it may be a cygwin related issue, I think it's may be a bug on the main openssh tree. Thus my posting here. I'm CC'ing to the public list for information. The part of code I'm refering to is : /* XXX might close listen socket */ (void)dup2(fd, STDIN_FILENO); (void)dup2(fd, STDOUT_FILENO);

Hi, Dear OpenSSH support, I'm writing to ask whether this bug is fixed in your openSSH 6.0. If no, do you have any plan? https://bugzilla.redhat.com/show_bug.cgi?id=640857 Regards, Carol

If an ssh server receives a tun/tap tunnel request and sets up the tunnel concerned, as far as I can see there is currently no way for the server to configure the tunnel in a manner dependent upon (e.g) the key used to set up the ssh session. Whilst an id based on the key can be passed to the ssh child process, where the tunnel is dynamically allocated, its tunnel name is lost. This patch

during my seminar of advanced exploitation techniques (SEAT, [1]) i developed some methods to crack into system via DMA (e.g. via firewire). as part of this i developed a program that steals loaded ssh private keys from ssh-agents. i was astonished to find that the keys are not immediately removed from the agent when a timeout occurs, but only the next time the agent is queried via its socket. i

...dstr, *agentsocket = NULL; #ifdef HAVE_SETRLIMIT struct rlimit rlim; @@ -2015,6 +2027,9 @@ main(int ac, char **av) struct pollfd *pfd = NULL; size_t npfd = 0; u_int maxfds; +#ifdef WITH_SYSTEMD + int nfds = 0; +#endif /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -2142,6 +2157,25 @@ main(int ac, char **av) parent_pid = getpid(); +#ifdef WITH_SYSTEMD + nfds = sd_listen_fds(1); + if (nfds > 0) { + sock = SD_LISTEN_FDS_START; + if (agentsocket == NULL) { + fprintf(stderr, "%s not set, cannot use socket-activation", + SSH_AUTHSOC...

...sh-sshfp/ssh.c --- openssh/ssh.c 2010-11-20 05:19:38.000000000 +0100 +++ openssh-sshfp/ssh.c 2010-11-27 23:43:12.843314405 +0100 @@ -229,6 +229,7 @@ extern char *optarg; struct servent *sp; Forward fwd; + char *canohost; /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -760,7 +761,7 @@ #else original_effective_uid == 0 && options.use_privileged_port, #endif - options.proxy_command) != 0) + options.proxy_command, &canohost) != 0) exit(255); if (timeout_ms > 0) @@ -880,7 +881,7 @@ /* Log into the remote system. Never...

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which

...ue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x0) frame #0: 0x000000010000300e ssh-keygen`main(argc=0, argv=0x0000000000000000) at ssh-keygen.c:3355:32 [opt] 3352 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ 3353 sanitise_stdfd(); 3354 -> 3355 __progname = ssh_get_progname(argv[0]); 3356 3357 seed_rng(); 3358 Target 0: (ssh-keygen) stopped. warning: ssh-keygen was compiled with optimization - stepping may behave oddly; variables may not be available. (lldb) bt * thread #1, queue = 'com.a...

Hello! I'm hoping that Gmail won't HTML format this mail so that I'll get flamed :) Anyway, my question relates to ssh_config. The problem I find is that the Host pattern is only applied to the argument given on the command line, as outlined in the man page: "The host is the hostname argument given on the command line (i.e. the name is not converted to a canonicalized host name

...0 - do not use separate threads.\n"); +#endif exit(1); } @@ -1142,6 +1443,9 @@ char pidstrbuf[1 + 3 * sizeof pid]; struct timeval *tvp = NULL; size_t len; +#ifdef HAVE_LIBPTHREAD + int numthreads = -1; +#endif /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); @@ -1160,7 +1464,7 @@ __progname = ssh_get_progname(av[0]); seed_rng(); - while ((ch = getopt(ac, av, "cdksa:t:")) != -1) { + while ((ch = getopt(ac, av, "cdksa:t:p:")) != -1) { switch (ch) { case 'c': if (s_flag) @@ -1189,6 +1493,22 @@ usage();...