search for: ssh_sandbox_init

https://bugzilla.mindrot.org/show_bug.cgi?id=2140 Bug ID: 2140 Summary: Capsicum support for FreeBSD 10 (-current) Product: Portable OpenSSH Version: -current Hardware: All OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

On Wed, 17 Feb 2016, Alex Wilson wrote: > On 2/17/16 2:04 PM, Alex Wilson wrote: > > I've attached a patch... > > > > Also at > > https://us-east.manta.joyent.com/arekinath/public/openssh-wip-fix-for-sol10-privs.patch > > If you are having trouble getting the patch out of the email. > > Also, as for Damien's patch, you will want to regenerate

...darg.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "log.h" +#include "sandbox.h" +#include "xmalloc.h" + +/* dummy sandbox */ + +struct ssh_sandbox { + int junk; +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + /* + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ + box = xcalloc(1, sizeof(*box)); + return box; +} + +void +ssh_sandbox_child(struct ssh_sandbox *box) +{ + /* Nothing to do here */ +...

...include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> + +#include "log.h" +#include "sandbox.h" +#include "xmalloc.h" + +/* Darwin/OS X sandbox */ + +struct ssh_sandbox { + pid_t child_pid; +}; + +struct ssh_sandbox * +ssh_sandbox_init(void) +{ + struct ssh_sandbox *box; + + /* + * Strictly, we don't need to maintain any state here but we need + * to return non-NULL to satisfy the API. + */ + debug3("%s: preparing Darwin sandbox", __func__); + box = xcalloc(1, sizeof(*box)); + box->child_pid = 0; + + return bo...

...are): > > - daemon() deprecated (ssh.c, sshd.c) > - utmp, login, logout, logwtmp deprecated (loginrec.c) > - sandbox_init() deprecated (sandbox-darwin.c) I don't think there's much we can do about these without abandoning earlier OS releases. > - struct monitor declared in ssh_sandbox_init() parameter list > (sandbox-darwin.c) Missing monitor.h include. Harmless (it's never used), now fixed. > - set-but-unused 'flag' variable in sys_tun_open() (port-tun.c) True, the code that uses it is inside an ifdef. Might look at this later. > On Void Linux (which uses...

...8 expected 1024 but I don't understand how. Don't try to use ssh or sshd with this diff as it'll probably mess things up pretty good. diff --git a/ssh-sandbox.h b/ssh-sandbox.h index bd5fd83..6bd76b3 100644 --- a/ssh-sandbox.h +++ b/ssh-sandbox.h @@ -22,3 +22,4 @@ struct ssh_sandbox *ssh_sandbox_init(struct monitor *); void ssh_sandbox_child(struct ssh_sandbox *); void ssh_sandbox_parent_finish(struct ssh_sandbox *); void ssh_sandbox_parent_preauth(struct ssh_sandbox *, pid_t); +#define setrlimit(x,y) (0) diff --git a/sshkey.c b/sshkey.c index e91c54f..cfdd437 100644 --- a/sshkey.c +++ b/ssh...

https://bugzilla.mindrot.org/show_bug.cgi?id=3702 Bug ID: 3702 Summary: sshd fork crashed when compiled with seccomp Product: Portable OpenSSH Version: 9.7p1 Hardware: ARM64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: sshd Assignee: unassigned-bugs at

...str_to_set: %s", strerror(errno)); +#endif if (priv_delset(pset, PRIV_FILE_LINK_ANY) != 0 || priv_delset(pset, PRIV_NET_ACCESS) != 0 || diff --git a/sandbox-solaris.c b/sandbox-solaris.c index 98714e1..a1828ed 100644 --- a/sandbox-solaris.c +++ b/sandbox-solaris.c @@ -48,15 +48,20 @@ ssh_sandbox_init(struct monitor *monitor) struct ssh_sandbox *box = NULL; box = xcalloc(1, sizeof(*box)); - box->pset = priv_allocset(); + /* Start with "basic" and drop everything we don't need. */ +#if defined(HAVE_PRIV_BASICSET) + box->pset = priv_allocset(); +#else + box->pset = p...

https://bugzilla.mindrot.org/show_bug.cgi?id=2407 Bug ID: 2407 Summary: OpenSSH uses deprecated APIs on MacOS Product: Portable OpenSSH Version: -current Hardware: All OS: Mac OS X Status: NEW Severity: normal Priority: P5 Component: Miscellaneous Assignee: unassigned-bugs at

...ewsock 6 pipe 8 sock 9 debug1: inetd sockets after dupping: 4, 4 debug1: Local version string SSH-2.0-OpenSSH_9.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.6 debug1: compat_banner: match: OpenSSH_8.6 pat OpenSSH* compat 0x04000000 debug2: fd 4 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing seccomp filter sandbox debug2: Network child is on pid 5800 debug3: preauth child monitor started debug3: privsep user:group 22:22 [preauth] debug1: permanently_set_uid: 22/22 [preauth] debug3: ssh_sandbox_child_debugging: installing SIGSYS handler [preauth] debug3: ssh_sandbox_child: se...

https://bugzilla.mindrot.org/show_bug.cgi?id=3639 Bug ID: 3639 Summary: server thread aborts during client login after receiving SSH2_MSG_KEXINIT Product: Portable OpenSSH Version: 9.2p1 Hardware: ARM OS: Linux Status: NEW Severity: critical Priority: P5 Component:

On 2/17/16 3:02 PM, Carson Gaspar wrote: > > Sadly I'm hitting a different autoconf bug :-( I was being an idiot - configure was bombing out & I didn't notice (boy that openssl version error message is loooooong...) With Mr. Wilson's patch, I still get: "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with the Solaris sandbox"

On Tue, 16 Feb 2016, Jeff Wieland wrote: > The Solaris privilege code breaks building on Solaris 10. If > you let configure just do its thing, you get the following error > when compiling: > > "sandbox-solaris.c", line 22: #error: "--with-solaris-privs must be used with > the Solaris sandbox" > > So, I did add "--with-solaris-privs" to the

https://bugzilla.mindrot.org/show_bug.cgi?id=2727 Bug ID: 2727 Summary: ssh_dispatch_run_fatal: Connection to 127.0.0.1 port 8002: message authentication code incorrect Product: Portable OpenSSH Version: 7.5p1 Hardware: ix86 OS: Linux Status: NEW Severity: major Priority: P5

...abled: 0, HPN Buffer Size: 65536 debug1: Client protocol version 2.0; client software version cryptlib debug1: no match: cryptlib debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420 debug2: fd 3 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing capsicum sandbox debug2: Network child is on pid 43805 debug3: preauth child monitor started debug3: privsep user:group 22:22 [preauth] debug1: permanently_set_uid: 22/22 [preauth] debug1: list_hostkey_types: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519 [preauth] debug1: SSH2_MSG_KEXI...

Hi, OpenSSH 7.4 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

On 30/06/2023 09:56, Damien Miller wrote: > It's very hard to figure out what is happening here without a debug log. > > You can get one by stopping the listening sshd and running it manually > in debug mode, e.g. "/usr/sbin/sshd -ddd" Or starting one in debug mode on a different port, e.g. "-p99 -ddd"

...222 debug1: Client protocol version 2.0; client software version OpenSSH_6.5p1 Debian-6 debug1: match: OpenSSH_6.5p1 Debian-6 pat OpenSSH* compat 0x04000000 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_6.6 debug2: fd 3 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing rlimit sandbox debug2: Network child is on pid 89674 debug3: preauth child monitor started debug3: privsep user:group 210:202 [preauth] debug1: permanently_set_uid: 210/202 [preauth] debug1: list_hostkey_types: ssh-rsa,ssh-dss,ssh-ed25519 [preauth] debug1: SSH2_MSG_KEXINIT sent [preauth]...

Hi, I wonder, how can i use openssh Public key authentification with ActivCard pkcs11 x509 certificate store and login to only my account reading/using username provided from certificate DN, or principal name,friendly name ? b111887 and e411617 is administrator on this os. I have rights to put e411617 pub keys to b111887 home folder authorized keys. And because openssh ask's me to provide

...like this: Connection from 81.209.177.119 port 55768 on 81.209.177.7 port 1111 debug1: Local version string SSH-2.0-OpenSSH_8.1 debug1: Remote protocol version 2.0, remote software version OpenSSH_8.1 debug1: match: OpenSSH_8.1 pat OpenSSH* compat 0x04000000 debug2: fd 3 setting O_NONBLOCK debug3: ssh_sandbox_init: preparing seccomp filter sandbox debug2: Network child is on pid 17293 debug3: preauth child monitor started debug3: privsep user:group 39:38 [preauth] debug1: permanently_set_uid: 39/38 [preauth] debug3: ssh_sandbox_child: setting PR_SET_NO_NEW_PRIVS [preauth] debug3: ssh_sandbox_child: attaching...