search for: setpcred

Displaying 20 results from an estimated 25 matches for "setpcred".

Did you mean: setcred
2005 Jan 05
3
[Bug 969] early setpcred() stomps on PAM
http://bugzilla.mindrot.org/show_bug.cgi?id=969 Summary: early setpcred() stomps on PAM Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: dleon...
2009 Mar 02
0
About setpcred() and chroot()
Hi, I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX 5.3 with OpenSSH_5.2p1. But there is a problem with the chroot() call. In the do_setusercontext() function, chroot() is called after the setpcred() (only AIX is concerned by the setpcred() call), so privileges are already dropped when chroot() is called. When not calling setpcred(), the chroot() does not fail and the privileges are dropped anyway within the permanently_set_uid() call, just after the safely_chroot() call. Is the setpcred()...
2002 Aug 13
1
Further comment on chroot patch for openssh-3.4p1
The way this was last supplied to this list (2002-07-13) has the chroot after the call to 'setpcred'. In AIX 4.3.3 the call to setpcred changes the uid and eff. uid to the user attempting to logon. Then the call to chroot( new_home ) fails because AIX requires that any user issuing the chroot subroutine be at root authority. Net result: attempting to do a chroot after the call to setpcred f...
2009 Mar 06
20
[Bug 1567] New: Insufficient privileges to chroot() on AIX
...AssignedTo: unassigned-bugs at mindrot.org ReportedBy: bana at docisland.org I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX 5.3 with OpenSSH_5.2p1. But there is a problem with the chroot() call. In the do_setusercontext() function, chroot() is called after the setpcred() (only AIX is concerned by the setpcred() call), so privileges are already dropped when chroot() is called. When not calling setpcred(), the chroot() does not fail and the privileges are dropped anyway within the permanently_set_uid() call, just after the safely_chroot() call. Is the setpcred()...
2006 Oct 09
3
[Bug 1249] pam_open_session called with dropped privs
...Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at vintela.com pam_open_session() is being called with euid/uid set to the authenticated user (instead of root) It seems that do_setusercontext() calls setpcred() early, but setpcred() has the effect of setting uid/euid to the authenticated user. This can't be undone, and the subsequent calls to do_pam_session() are unprivileged. This is bad for our pam module that creates missing home directories. Reproduced on oslevels 4330-11, 5100-03, 5200-04 Se...
2002 Jun 06
9
[Bug 261] AIX capabilities + port-aix.c cleanup
...ly got a chance to try this. I got compile errors with gcc on AIX 4.2.1 and 4.3.3. gcc -g -O2 -Wall -Wpointer-arith -Wno-uninitialized -I. -I.. -I/usr/local/include -DHAVE_CONFIG_H -c port-aix.c port-aix.c: In function `set_limits_from_userattr': port-aix.c:35: too few arguments to function `setpcred' port-aix.c:36: too few arguments to function `setpenv' The following patch works for me. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
2003 Jul 03
0
AIX cleanups: includes and arguments
...e details: attached is a patch that changes some of the #includes for AIX. It moves the AIX-specific includes to port-aix.h and adds includes that contain the prototypes for many of the authentication functions. The idea isto fix some warnings. Unfortunately this exposes a couple of problems: * setpcred call does not match prototype * loginfailed on AIX 5.2 takes an (optional?) extra argument: Reason The patch changes the setpcred call to: setpcred(pw->pw_name, (char **)NULL); It also adds configure magic to detect a 4-arg loginfailed and #defines to use the appropriate call (hidden in port...
2003 Oct 28
4
AIX patch for openssh-3.7.1p2
There are a couple of bugs in the openssh-3.7.1p2. The aix_setauthdb function does not work with other types of authentication such as AFS/DFS. The loginfailed test in configure is not correct. Also, AIX can use the wtmp logging which I added in configure. Attached is the patch. Thanks, Matt Richards -------------- next part -------------- *** openssh-3.7.1p2/openbsd-compat/port-aix.c Mon Jul 14
2002 May 31
0
[Bug 261] New: AIX capabilities + port-aix.c cleanup
...nedTo: openssh-unix-dev at mindrot.org ReportedBy: janfrode at parallab.uib.no OpenSSH isn't setting the AIX capabilities correctly, so I had a look into fixing this. It looks to me like port-aix.c could be simplified by removing all setrlimit() calls and instead use the AIX functions setpcred()/setpenv() to set up the user environment. They are documented in http://tre.ii.uib.no/doc_link/en_US/a_doc_lib/libs/basetrf2/setpcred.htm http://tre.ii.uib.no/doc_link/en_US/a_doc_lib/libs/basetrf2/setpenv.htm Please consider applying the following patches so that we can use OpenSSH to ru...
2002 Jun 25
3
BSD/OS with privsep
...ged child process to deal with network data */ --- session.c.orig Tue Jun 25 13:28:07 2002 +++ session.c Tue Jun 25 13:33:16 2002 @@ -1154,22 +1154,26 @@ { #ifdef HAVE_CYGWIN if (is_winnt) { #else /* HAVE_CYGWIN */ if (getuid() == 0 || geteuid() == 0) { #endif /* HAVE_CYGWIN */ #ifdef HAVE_SETPCRED setpcred(pw->pw_name); #endif /* HAVE_SETPCRED */ #ifdef HAVE_LOGIN_CAP - if (setusercontext(lc, pw, pw->pw_uid, - (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) { + int flags = LOGIN_SETALL & ~LOGIN_SETPATH; +#ifdef __bsdi__ + if (getpid() != getpgrp()) + flags &= ~LOGIN...
2009 Dec 01
4
[Bug 1678] New: Insufficient privileges to chroot() on AIX
...9; Changed root directory to "/home/test" Failed to set process credentials .. then it quits. I attached the truss log from AIX 6.1 (truss_log.txt) I also attached the fix that worked for me (this code was posted already in https://bugzilla.mindrot.org/attachment.cgi?id=1669 ). I call setpcred before chroot. Already posted this on https://bugzilla.mindrot.org/show_bug.cgi?id=1567 but had no reply. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
2003 Oct 02
1
Connection drops after entering password.
Has anyone seen the error that I'm getting below? After you ssh to the box and enter the password the connection just closes. SSH Version { root at xxxxxxxx} # ssh -V OpenSSH_3.7p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003 OS Version { root at xxxxxxxx } # oslevel -r AIX 4330-09 SSH Connect Failure { root at xxxxxxxxx } # ssh -l xxxxxxxxx -v localhost OpenSSH_3.7p1, SSH protocols
2002 May 14
1
AIX capabilities not set
Hi, we're in the process of setting up large-page support on IBM regattas, but for large-page support the users have to have a set of extra capabilities (CAP_BYPASS_RAC_VMM,CAP_PROPAGATE). This are configured on a per user basis by listing which capability each user have in /etc/security/user. Unfortunately they don't get set when the users log in via OpenSSH (3.1p1). Does anybody know
2008 Jun 14
0
[Bug 1249] pam_open_session called with dropped privs
...-------------------------------------------- CC| |dtucker at zip.com.au --- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2008-06-15 05:27:49 --- I think this was fixed with the change for bug #926. Can you confirm? Also, how does the setpcred change relate to this bug and is it still needed? Thanks. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
2002 Oct 25
0
NeXT Community
...md5_crypt memmove \ - mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \ + mkdtemp ngetaddrinfo openpty ogetaddrinfo readpassphrase \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ socketpair strerror strlcat strlcpy strmode sysconf tcgetpgrp \ truncate utimes vhangup vsnprintf waitpid __b64_ntop _getpty) + +dnl Make sure that mmap prototype is defined before defining HAVE_MMAP +AC_CHECK_DECL(mmap, [AC_CHECK_FUNCS(mmap)]) dnl Make sur...
2003 Apr 15
3
[Bug 543] sshd does not use AIX's setauthdb
http://bugzilla.mindrot.org/show_bug.cgi?id=543 Summary: sshd does not use AIX's setauthdb Product: Portable OpenSSH Version: 3.6p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: cawlfiel at
2003 Feb 01
1
Build errors on AIX 4.2.1: nanosleep
...ssphrase \ + inet_ntop innetgr login_getcapbool md5_crypt memmove mkdtemp \ + mmap ngetaddrinfo nsleep openpty ogetaddrinfo pstat readpassphrase \ realpath recvmsg rresvport_af sendmsg setdtablesize setegid \ setenv seteuid setgroups setlogin setproctitle setresgid setreuid \ setrlimit setsid setpcred setvbuf sigaction sigvec snprintf \ Index: openbsd-compat/port-aix.h =================================================================== RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/openbsd-compat/port-aix.h,v retrieving revision 1.6 diff -u -r1.6 port-aix.h --- openbsd-compat/port-aix...
2008 Mar 21
1
ChrootDirectory fails if compiled with SELinux support (whether or not using SELinux)
Hi, (please CC me as I'm not subscribed to the list) If compiled with SELinux support, OpenSSH 4.8 current cvs fails for accounts where the new ChrootDirectory option is active : debug1: PAM: establishing credentials debug3: PAM: opening session debug2: User child is on pid 1695 debug3: mm_request_receive entering debug1: PAM: establishing credentials debug3: safely_chroot: checking
2004 Jan 22
1
AIX and openssh 3.7.1p2 with privsep
I am attempting to run openssh 3.7.1p2 with privsep on AIX 5.2 ML2 (with the december 2003 critical patches also). This was compiled on the host machine with the IBM Visual Age C compiler (C for AIX Compiler, Version 5). I did not have any trouble compiling. My configure was ./configure --with-tcp-wrappers, and I have the freeware tcp wrappers (freeware.tcp_wrappers.rte 7.6.1.5), and a compiled
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser" option in the sshd_config file. I was looking for a way to offer sftp access and at the same time restict interactive shell access. This patch is a necessary first step (IMO). It applies clean with 'patch -l'. Also attached is a shell script that helps to build a chrooted home dir on a RedHat 7.2