search for: setreuid

Sorry if I'm duplicating an existing patch, but... On systems with no seteuid() that have setreuid() there is an emulation, but if both are lacking (but we do have setresuid()), nothing is done. The following seems to be right, but I've only got one machine (running an ancient version of HP-UX) which needs this so it may not be general: --cut-here-- --- config.h.in.orig Thu Jun 7 14:18:57...

Well, I had just finally gotten around to downloading a snapshot to test the latest on Tru64 a couple of days ago but hadn't had a chance to build it yet, and 3.7p1 has now been released. Sigh. The problem is that Tru64 setreuid() and setregid() are broken, so privsep doesn't work. This could also be a security problem for SIA authentication in general (any version of OpenSSH on Tru64, using PrivSep or not), as I wrote auth-sia.c to use setreuid() (per the Tru64 SIA documentation), so the saved UID carries forward the...

http://bugzilla.mindrot.org/show_bug.cgi?id=715 Summary: usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo: open...

For chdir03 investigation result: The fail is caused by the mkdir fail after setreuid. Key code in the test case: if ((pid =3D fork()) < 0) { tst_brkm(TBROK, cleanup, "first fork failed"); } if (pid =3D=3D 0) { /* first child */ /* set the child's ID to ltpuser1 */ if (setreuid(ltpuser1->pw_uid, l...

...ug.cgi?id=657 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Priv seperation causes |Priv seperation causes |segfault |setreuid error ------- Additional Comments From dtucker at zip.com.au 2003-09-18 09:20 ------- Try adding: #define SETEUID_BREAKS_SETUID 1 #define BROKEN_SETREUID 1 #define BROKEN_SETREGID 1 to your config.h and recompiling (don't re-run configure) ------- You are receiving this mail because: --...

...start_glob=0; int ret; char *request=NULL; +#ifdef HAVE_LINUX_CAPS + cap_t cp; + cap_value_t newcaps[2] = { CAP_SYS_CHROOT, CAP_DAC_READ_SEARCH }; +#endif extern int am_sender; extern int am_server; extern int am_daemon; @@ -373,12 +389,46 @@ } #endif +#ifdef HAVE_LINUX_CAPS + if (setreuid(uid, 0)) { + rsyserr(FERROR, errno, "setreuid(%d,0) failed", (int) uid); + io_printf(f_out, "@ERROR: setreuid failed\n"); + return -1; + } + if( prctl(PR_SET_KEEPCAPS, 1) < 0 ) { + rsyserr(FERROR, errno, "prctl failed"); + io_printf(f_out, "@ERROR:...

...t least of all since I didn't worry about #ifdef's or the configure scripts. However hopefully this will be of use to you. This is all for openssh-2.2.0p1 compiled alongside openssl-0.9.5a and zlib-1.1.3. Under HP-UX =========== uname -smr HP-UX A.09.03 9000/735 There is no seteuid or setreuid, but there is a setresuid, so using your model in bsd-misc.c, I did: ----------- #if !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) int seteuid(uid_t euid) { return(setreuid(-1,euid)); } #endif /* !defined(HAVE_SETEUID) && defined(HAVE_SETREUID) */ /* JPK */ int seteuid(u...

...(&ent); error("setpriority failed: %s", strerror (errno)); exit(1); } ! if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { error("couldn't launch session for %s from %s", user, host); exit(1); } ! sia_ses_release(&ent); if (setreuid(geteuid(), geteuid()) < 0) { error("setreuid failed: %s", strerror (errno)); exit(1); } } #endif /* HAVE_OSF_SIA */ --- 78,100 ---- } if (setpriority(PRIO_PROCESS, 0, 0) == -1) { ! sia_ses_release(&__sia_ent); error("setpriority failed: %s&quot...

...ct_trm, ent) != SIASUCCESS) - fatal("couldn't launch session for %s from %s", user, host); + if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { + error("couldn't launch session for %s from %s", user, host); + exit(1); + } sia_ses_release(&ent); - if (setreuid(geteuid(), geteuid()) < 0) - fatal("setreuid failed: %s", strerror (errno)); + if (setreuid(geteuid(), geteuid()) < 0) { + error("setreuid failed: %s", strerror (errno)); + exit(1); + } } #endif /* HAVE_OSF_SIA */ diff -urN openssh_cvs/session.c openssh/session.c --...

A while back, I sent in a patch that added Digital Unix SIA authentication to OpenSSH. Well, I just figured out that it didn't handle everything correctly (locked accounts could still log in). I thought I had checked that, but I guess I missed it. Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this. -- Chris Adams <cmadams at hiwaay.net> Systems and Network Administrator

...fatal("setpriority: %s", strerror (errno)); } - if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { + if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) fatal("Couldn't launch session for %s from %s", user, host); - } - + sia_ses_release(&ent); - if (setreuid(geteuid(), geteuid()) < 0) { - fatal("setreuid: %s", strerror(errno)); + /* XXX: Should this be be around a if (!use_privsep) ? */ + if (!use_privsep) { + if (setreuid(geteuid(), geteuid()) < 0) + fatal("setreuid: %s", strerror(errno)); } } - #endif /* HAVE_OSF_SIA...

...at all suited to inclusion in the source tree, but they might point someone in the right direction for a more robust solution. The seteuid() "hack" isn't too bad, though the comments are a bit excessive. (Upshot: HP-UX 9.05 has setuid() and setresuid() but not seteuid() or setreuid(); RLIMIT_CORE is only defined if _KERNEL is defined (it's labeled "unsupported BSD stuff" in <sys/resource.h>); and the "#ifdef __hpux" stuff in auth-passwd.c doesn't work on 9.05. Ugh.) * "ssh localhost command" works just fine, as does "ssh...

...nch session for %s from %s", user, host); > - } > + if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) > + fatal("Couldn't launch session for %s from %s", pw->pw_name, > + host); > > sia_ses_release(&ent); > > - if (setreuid(geteuid(), geteuid()) < 0) { > + if (setreuid(geteuid(), geteuid()) < 0) > fatal("setreuid: %s", strerror(errno)); > - } > } > > #endif /* HAVE_OSF_SIA */ > diff -urN openssh-SNAP-20020826/auth-sia.h openssh/auth-sia.h > --- openssh-SNA...

...p(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4d64ee9000 lseek(34, 0, SEEK_CUR) = 24925 write(34, " pid[38063] Error writing 139 b"..., 74) = 74 munmap(0x7f4d64ee9000, 4096) = 0 *geteuid() = 504* setreuid(4294967295, 0) = 0 geteuid() = 0 geteuid() = 0 *getegid() = 504* setregid(4294967295, 0) = 0 getegid() = 0 getegid()...

...m, ent) != SIASUCCESS) { - fatal("Couldn't launch session for %s from %s", user, host); - } + if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) + fatal("Couldn't launch session for %s from %s", pw->pw_name, + host); sia_ses_release(&ent); - if (setreuid(geteuid(), geteuid()) < 0) { + if (setreuid(geteuid(), geteuid()) < 0) fatal("setreuid: %s", strerror(errno)); - } } #endif /* HAVE_OSF_SIA */ diff -urN openssh-SNAP-20030226/auth-sia.h openssh/auth-sia.h --- openssh-SNAP-20030226/auth-sia.h Fri Apr 12 10:36:08 2002 +++ opens...

...fatal("setpriority: %s", strerror (errno)); } - if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { + if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) fatal("Couldn't launch session for %s from %s", user, host); - } sia_ses_release(&ent); - if (setreuid(geteuid(), geteuid()) < 0) { + /* XXX: Should this be be around a if (!use_privsep) ? */ + if (setreuid(geteuid(), geteuid()) < 0) fatal("setreuid: %s", strerror(errno)); - } } - #endif /* HAVE_OSF_SIA */ Index: auth-sia.h =======================================================...

...fatal("setpriority: %s", strerror (errno)); } - if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) { + if (sia_ses_launch(sia_collect_trm, ent) != SIASUCCESS) fatal("Couldn't launch session for %s from %s", user, host); - } sia_ses_release(&ent); - if (setreuid(geteuid(), geteuid()) < 0) { + /* XXX: Should this be be around a if (!use_privsep) ? */ + if (setreuid(geteuid(), geteuid()) < 0) fatal("setreuid: %s", strerror(errno)); - } } - #endif /* HAVE_OSF_SIA */ Index: auth-sia.h =======================================================...

On Tue, Dec 16, 2014 at 03:40:08PM +0100, Nacho del Rey wrote: > Hi there > > In an Oracle RAC cluster using ACFS (as file-system) where we have a samba > server for sharing files to windows clients, we are suffering a strange > issue, from time to time, which it causes the Windows clients lock for a > while (10 min or a bit more) or even indefinitely when they are working >

Is anyone maintaining the OSF_SIA support in openssh? This seems to be an obvious bug triggered if you try to connect as a non-existant user. >From auth1.c line 459 #elif defined(HAVE_OSF_SIA) (sia_validate_user(NULL, saved_argc, saved_argv, get_canonical_hostname(), pw->pw_name, NULL, 0, NULL, "") == SIASUCCESS)) { #else /*

...sys/stropts.h sys/sysmacros.h sys/time.h sys/ttcompat.h stddef.h util.h utmp.h utmpx.h) # Checks for library functions. -AC_CHECK_FUNCS(arc4random bindresvport_af freeaddrinfo gai_strerror getaddrinfo getnameinfo innetgr md5_crypt mkdtemp openpty rresvport_af setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf _getpty) +AC_CHECK_FUNCS(arc4random bindresvport_af freeaddrinfo gai_strerror getaddrinfo getnameinfo innetgr md5_crypt mkdtemp openpty pututline rresvport_af setenv seteuid setlogin setproctitle setreuid snprintf strlcat strlcpy updwtmpx vsnprintf _getpt...