Displaying 20 results from an estimated 25 matches for "setpcred".
2005 Jan 05
3
[Bug 969] early setpcred() stomps on PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=969
Summary: early setpcred() stomps on PAM
Product: Portable OpenSSH
Version: 3.9p1
Platform: All
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: dleon...
2009 Mar 02
0
About setpcred() and chroot()
Hi,
I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX 5.3
with OpenSSH_5.2p1.
But there is a problem with the chroot() call.
In the do_setusercontext() function, chroot() is called after the setpcred()
(only AIX is concerned by the setpcred() call), so privileges are already
dropped when chroot() is called.
When not calling setpcred(), the chroot() does not fail and the privileges
are dropped anyway within the permanently_set_uid() call, just after the
safely_chroot() call.
Is the setpcred()...
2002 Aug 13
1
Further comment on chroot patch for openssh-3.4p1
The way this was last supplied to this list (2002-07-13) has the chroot
after the call to 'setpcred'. In AIX 4.3.3 the call to setpcred changes
the uid and eff. uid to the user attempting to logon. Then the call to
chroot( new_home ) fails because AIX requires that any user issuing
the chroot subroutine be at root authority.
Net result: attempting to do a chroot after the call to setpcred f...
2009 Mar 06
20
[Bug 1567] New: Insufficient privileges to chroot() on AIX
...AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: bana at docisland.org
I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX
5.3 with OpenSSH_5.2p1.
But there is a problem with the chroot() call.
In the do_setusercontext() function, chroot() is called after the
setpcred() (only AIX is concerned by the setpcred() call), so
privileges are already dropped when chroot() is called.
When not calling setpcred(), the chroot() does not fail and the
privileges are dropped anyway within the permanently_set_uid() call,
just after the safely_chroot() call.
Is the setpcred()...
2006 Oct 09
3
[Bug 1249] pam_open_session called with dropped privs
...Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: dleonard at vintela.com
pam_open_session() is being called with euid/uid set to the
authenticated user (instead of root)
It seems that do_setusercontext() calls setpcred() early, but
setpcred() has the effect of setting uid/euid to the authenticated
user. This can't be undone, and the subsequent calls to
do_pam_session() are unprivileged.
This is bad for our pam module that creates missing home directories.
Reproduced on oslevels 4330-11, 5100-03, 5200-04
Se...
2002 Jun 06
9
[Bug 261] AIX capabilities + port-aix.c cleanup
...ly got a chance to try this. I got compile errors with gcc on AIX 4.2.1
and 4.3.3.
gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I..
-I/usr/local/include -DHAVE_CONFIG_H -c port-aix.c
port-aix.c: In function `set_limits_from_userattr':
port-aix.c:35: too few arguments to function `setpcred'
port-aix.c:36: too few arguments to function `setpenv'
The following patch works for me.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2003 Jul 03
0
AIX cleanups: includes and arguments
...e details: attached is a patch that changes some of the #includes
for AIX. It moves the AIX-specific includes to port-aix.h and adds
includes that contain the prototypes for many of the authentication
functions. The idea is to fix some warnings.
Unfortunately this exposes a couple of problems:
* setpcred call does not match prototype
* loginfailed on AIX 5.2 takes an (optional?) extra argument: Reason
The patch changes the setpcred call to:
setpcred(pw->pw_name, (char **)NULL);
It also adds configure magic to detect a 4-arg loginfailed and #defines
to use the appropriate call (hidden in port...
2003 Oct 28
4
AIX patch for openssh-3.7.1p2
There are a couple of bugs in the openssh-3.7.1p2. The aix_setauthdb
function does not work with other types of authentication such as AFS/DFS.
The loginfailed test in configure is not correct. Also, AIX can use the
wtmp logging which I added in configure. Attached is the patch.
Thanks,
Matt Richards
-------------- next part --------------
*** openssh-3.7.1p2/openbsd-compat/port-aix.c Mon Jul 14
2002 May 31
0
[Bug 261] New: AIX capabilities + port-aix.c cleanup
...nedTo: openssh-unix-dev at mindrot.org
ReportedBy: janfrode at parallab.uib.no
OpenSSH isn't setting the AIX capabilities correctly, so I had a look into
fixing this. It looks to me like port-aix.c could be simplified by removing all
setrlimit() calls and instead use the AIX functions setpcred()/setpenv() to set
up the user environment. They are documented in
http://tre.ii.uib.no/doc_link/en_US/a_doc_lib/libs/basetrf2/setpcred.htm
http://tre.ii.uib.no/doc_link/en_US/a_doc_lib/libs/basetrf2/setpenv.htm
Please consider applying the following patches so that we can use OpenSSH to ru...
2002 Jun 25
3
BSD/OS with privsep
...ged child process to deal with network data */
--- session.c.orig Tue Jun 25 13:28:07 2002
+++ session.c Tue Jun 25 13:33:16 2002
@@ -1154,22 +1154,26 @@
{
#ifdef HAVE_CYGWIN
if (is_winnt) {
#else /* HAVE_CYGWIN */
if (getuid() == 0 || geteuid() == 0) {
#endif /* HAVE_CYGWIN */
#ifdef HAVE_SETPCRED
setpcred(pw->pw_name);
#endif /* HAVE_SETPCRED */
#ifdef HAVE_LOGIN_CAP
- if (setusercontext(lc, pw, pw->pw_uid,
- (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
+ int flags = LOGIN_SETALL & ~LOGIN_SETPATH;
+#ifdef __bsdi__
+ if (getpid() != getpgrp())
+ flags &= ~LOGIN...
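Review bot: the new "int flags" declaration comes after the setpcred(pw->pw_name); statement in the same block, so any build that defines both HAVE_SETPCRED and HAVE_LOGIN_CAP gets a declaration after a statement, which C89 compilers reject. Declare flags at the top of the block, or open a new scope inside the HAVE_LOGIN_CAP section. The getpid() != getpgrp() test under __bsdi__ also needs a short comment saying why a process that is not the group leader must have that flag cleared.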
2009 Dec 01
4
[Bug 1678] New: Insufficient privileges to chroot() on AIX
...
Changed root directory to "/home/test"
Failed to set process credentials
.. then it quits.
I attached the truss log from AIX 6.1 (truss_log.txt)
I also attached the fix that worked for me (this code was posted
already in https://bugzilla.mindrot.org/attachment.cgi?id=1669 ). I
call setpcred before chroot.
Already posted this on
https://bugzilla.mindrot.org/show_bug.cgi?id=1567 but had no reply.
2003 Oct 02
1
Connection drops after entering password.
Has anyone seen the error that I'm getting below? After you ssh to the box
and enter the password the connection just closes.
SSH Version
{ root at xxxxxxxx} # ssh -V
OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003
OS Version
{ root at xxxxxxxx } # oslevel -r
AIX 4330-09
SSH Connect Failure
{ root at xxxxxxxxx } # ssh -l xxxxxxxxx -v localhost
OpenSSH_3.7p1, SSH protocols
2002 May 14
1
AIX capabilities not set
Hi,
we're in the process of setting up large-page support on IBM regattas,
but for large-page support the users have to have a set of extra
capabilities (CAP_BYPASS_RAC_VMM,CAP_PROPAGATE). These are configured
on a per user basis by listing which capability each user has in
/etc/security/user.
Unfortunately they don't get set when the users log in via OpenSSH
(3.1p1). Does anybody know
2008 Jun 14
0
[Bug 1249] pam_open_session called with dropped privs
...--------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2008-06-15 05:27:49 ---
I think this was fixed with the change for bug #926. Can you confirm?
Also, how does the setpcred change relate to this bug and is it still
needed?
Thanks.
2002 Oct 25
0
NeXT Community
...md5_crypt memmove \
- mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
+ mkdtemp ngetaddrinfo openpty ogetaddrinfo readpassphrase \
realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
socketpair strerror strlcat strlcpy strmode sysconf tcgetpgrp \
truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty)
+
+dnl Make sure that mmap prototype is defined before defining HAVE_MMAP
+AC_CHECK_DECL(mmap, [AC_CHECK_FUNCS(mmap)])
dnl Make sur...
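Review bot: AC_CHECK_DECL(mmap, [AC_CHECK_FUNCS(mmap)]) is called without an includes argument, so the declaration is looked up only in autoconf's default headers, which do not include <sys/mman.h>. On systems that declare mmap there the check may fail and HAVE_MMAP would never be defined. Pass the header in the fourth argument, for example AC_CHECK_DECL(mmap, [AC_CHECK_FUNCS(mmap)], , [#include <sys/mman.h>]).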
2003 Apr 15
3
[Bug 543] sshd does not use AIX's setauthdb
http://bugzilla.mindrot.org/show_bug.cgi?id=543
Summary: sshd does not use AIX's setauthdb
Product: Portable OpenSSH
Version: 3.6p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: cawlfiel at
2003 Feb 01
1
Build errors on AIX 4.2.1: nanosleep
...ssphrase \
+ inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp \
+ mmap ngetaddrinfo nsleep openpty ogetaddrinfo pstat readpassphrase \
realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
setenv seteuid setgroups setlogin setproctitle setresgid setreuid \
setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \
Index: openbsd-compat/port-aix.h
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v
retrieving revision 1.6
diff -u -r1.6 port-aix.h
--- openbsd-compat/port-aix...
2008 Mar 21
1
ChrootDirectory fails if compiled with SELinux support (whether or not using SELinux)
Hi,
(please CC me as I'm not subscribed to the list)
If compiled with SELinux support, OpenSSH 4.8 current cvs fails for
accounts where the new ChrootDirectory option is active :
debug1: PAM: establishing credentials
debug3: PAM: opening session
debug2: User child is on pid 1695
debug3: mm_request_receive entering
debug1: PAM: establishing credentials
debug3: safely_chroot: checking
2004 Jan 22
1
AIX and openssh 3.7.1p2 with privsep
I am attempting to run openssh 3.7.1p2 with privsep on AIX 5.2 ML2 (with
the december 2003 critical patches also).
This was compiled on the host machine with the IBM Visual Age C compiler (C
for AIX Compiler, Version 5).
I did not have any trouble compiling.
My configure was ./configure --with-tcp-wrappers, and I have the freeware
tcp wrappers (freeware.tcp_wrappers.rte 7.6.1.5),
and a compiled
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restrict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2