search for: suser

...; -int okname(char *); void run_err(const char *,...); void verifydir(char *); @@ -371,8 +370,6 @@ tuser = argv[argc - 1]; if (*tuser == '\0') tuser = NULL; - else if (!okname(tuser)) - exit(1); } else { thost = argv[argc - 1]; tuser = NULL; @@ -395,8 +392,6 @@ suser = argv[i]; if (*suser == '\0') suser = pwd->pw_name; - else if (!okname(suser)) - continue; sprintf(bp, "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'", ssh_program, verbose_mode ? " -v" : "&qu...

...else { /* local to remote */ if (remin == -1) { - len = strlen(targ) + CMDNEEDS + 20; + len = strlen(targ) + cmdlen + 20; bp = xmalloc(len); (void) snprintf(bp, len, "%s -t %s", cmd, targ); host = cleanhostname(thost); @@ -428,7 +440,8 @@ char *bp, *host, *src, *suser; for (i = 0; i < argc - 1; i++) { - if (!(src = colon(argv[i]))) { /* Local to local. */ + src = colon(argv[i]); + if (!src && !eraseflag && !*tmpfn) { /* Local to local w/cp */ len = strlen(_PATH_CP) + strlen(argv[i]) + strlen(argv[argc - 1]) + 20; bp = xma...

I have a client (Fedora 19) and a server (Fedora 14/Samba 3.5.11) which works fine. I'm now setting up a new server (Fedora 20/Samba 4.1.3) with more or less the same smb.conf 1. Issuing: sudo smbclient -L //srv001 -U suser list all shares correct. 2. Issuing: sudo mount -t cifs //srv/Share3 /mnt/share3/ -o username=suser Password for suser@//srv/Share3: **** Retrying with upper case share name mount error(6): No such device or address Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) My problem is the C...

...+418,7 @@ "%s%s %s -n " "-l %s %s %s %s '%s%s%s:%s'", ssh_program, verbose_mode ? " -v" : "", - ssh_options, suser, host, cmd, src, + ssh_options, suser, host, rscpcmd, src, tuser ? tuser : "", tuser ? "@" : "", thost, targ); } else { @@ -412,7 +427,7 @@...

...init.pp: class sudo { case $operatingsystem { Debian: { package { "sudo": } } } file { "/etc/sudoers": mode => 440, content => template("sudo/sudoers.erb"), tag => sudo, } } and sudoers.erb: <% musers = "" susers = "" IO.foreach("/etc/puppet/bootstrap/hosts.dat") do |l| a = l.split if a[1] == hostname musers = a[5] if a.length >= 8 susers = a[7] end break end end %> Cmnd_Alias INST = /usr/sbin/synaptic, /usr/bin/cpan, /usr/bin...

..." \t")) != NULL); + } + + execvp(args.list[0], args.list); + perror(args.list[0]); + _exit(1); } /* Parent. Close the other side, and return the local side. */ close(pin[0]); @@ -439,8 +453,8 @@ int argc; char *argv[]; { - int i, len, cwd_len = 0; - char *bp, *host, *src, *suser, cwd[MAXPATHLEN]; + int i, len; + char *bp, *host, *src, *suser; for (i = 0; i < argc - 1; i++) { src = colon(argv[i]); @@ -478,21 +492,7 @@ } else { src = argv[i]; - if (*src != '/') { - if (!cwd_len) { - if (!getcwd(cwd, sizeof cwd)) { - error("Could...

...lags. */ case '4': *************** *** 283,288 **** --- 288,296 ---- case 'S': ssh_program = optarg; break; + case 'L': + highport=1; + break; /* Server options. */ case 'd': *************** *** 420,435 **** else if (!okname(suser)) continue; (void) sprintf(bp, ! "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'", ssh_program, verbose_mode ? " -v" : "", suser, host, cmd, src, tuser ? tuser : "", tuser ? &qu...

..., I get permission denied. 2020-03-23 18:39:23 imap(andreas at dualbit.de): Error: chdir(/home/andreas/Maildir/) failed: Permission denied (euid=5000(vmail) egid=5000(vmail) missing +x perm: /home/andreas/Maildir, dir owned by 5006:5006 mode=0700) The mailbox has permissions drwx------. 9 andreas susers If I don't set mail_uid I get an error because of missing mail_uid. I can only access the users mailbox if I set mail_uid = 5006 in 10-mail.conf On another system I don't haver this problem. I made diffs, read alot of stuff and can't find a solution. What is the way to go, please? I...

...group = dsvi read only = No create mask = 0774 directory mask = 0775 force directory mode = 0774 User defined in Unix as follow (Linux id command, from LDAP info) : # id jerome uid=1000(jerome) gid=513(domusers) groups=513(domusers),550(prtadmin),103(dsvi),102(susers) In LDAP : $ ldapsearch -h localhost -D 'cn=Manager,dc=domain,dc=com' -x '(uid=jerome)' -W -LLL Enter LDAP Password: ******** dn: uid=jerome, ou=INFORMATIQUE, ou=Paris, ou=People, dc=domain,dc=com sambaLMPassword: xxxxxxx displayName:: SsOpcsO0bWUgRmVuYWw= objectClass: top object...

...strlen(ssh_program) + strlen(argv[i]) + strlen(src) + (tuser ? strlen(tuser) : 0) + - strlen(thost) + strlen(targ) + CMDNEEDS + 32; + strlen(thost) + strlen(targ) + CMDNEEDS + 40; bp = xmalloc(len); if (host) { *host++ = 0; @@ -398,7 +398,7 @@ else if (!okname(suser)) continue; sprintf(bp, - "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'", + "%s%s -x -o'FallBackToRsh no' -n -l \"%s\" \"%s\" \"%s\" \"%s\" '%s%s%s:%s'", ssh_p...

...PIPE, lostconn); if ((targ = colon(argv[argc - 1]))) /* Dest is remote host. */ ! toremote(targ, argc, argv); else { ! tolocal(argc, argv); /* Dest is local host. */ if (targetshouldbedirectory) verifydir(argv[argc - 1]); } *************** *** 392,413 **** suser = pwd->pw_name; else if (!okname(suser)) continue; ! snprintf(bp, len, "%s%s %s -n " "-l %s %s %s %s '%s%s%s:%s'", ssh_program, verbose_mode ? " -v" : "", ssh_options, suser, hos...

Hi, I don't know if other systems are concerned as well but it's at least a problem for Cygwin that the uid of the privileged user is fixed to the constant 0 in the OpenSSH sources. A month ago I ported Paul Vixie's cron to Cygwin and he's using at least a define for that: #define ROOT_UID 0 which simplified the porting vastly. May I propose to change the usage of uid 0 in

Hi. Samba 1.9.15p8 under IRIX 6.1 (yes I know, it's old stuff ...) The susers on Windows 9x/WindowsNT just put their strange file name or directory name (like /usr/people/mesure_?t? ) on the IRIX. However, from the IRIX side, it's impossible toaccess to such files/directory. What's more, my ARkeia backup client stalls on such a name and fouled up my backup database....

...;'m fairly convinced that to really get something reasonable, you need to totally redesign the OS with this "virtual machine" in mind. Several research projects follow such a path (with further expectation also, of course). [mod: Yes. One "catchall" would be to modify "suser()" to return (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a chrooted environment just another user. Just with a special uid. But still you would have to review the WHOLE system to be sure that no holes remain.... --REW] Stefan

Martin Pool wrote: > > > From: Stefan Monnier <monnier+/news/lists/linux/security@TEQUILA.SYSTEMSZ.CS.YALE.EDU> > > Date: 05 May 1997 12:23:05 -0400 > > > [mod: Yes. One "catchall" would be to modify "suser()" to return > > (uid==0) && (current->root == THE_ROOT). That would make a uid==0 in a > > chrooted environment just another user. Just with a special uid. But > > still you would have to review the WHOLE system to be sure that no > > holes remain.... --REW]...

...ke sure that I''m right: my sparc isn''t working these days, so I had to rely on reading the SILO source code to figure out the password workaround. The specific hack that''s being posted to BUGTRAQ is in the form of a gdb script that modifies an existing BSD kernel so that suser() always returns 0 (which indicates "Yes, he''s a superuser" in the BSD kernel). Linux isn''t susceptible to this specific attack because our suser() function is inlined. Nevertheless, the attack could be modified so that it changes sys_chmod() to allow anyone to set the...

...!= EOF) switch (ch) { /* User-visible flags. */ case '4': @@ -300,6 +310,9 @@ case 'q': showprogress = 0; break; + case 'L': + nonprivilaged_port = 1; + break; case '?': default: usage(); @@ -406,16 +419,18 @@ else if (!okname(suser)) continue; (void) sprintf(bp, - "%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'", + "%s%s%s -x -o'FallBackToRsh no' -n -l %s %s %s %s '%s%s%s:%s'", SSH_PROGRAM, verbose_mode ? " -v&qu...

...< 1. + * (Because the XIG X server writes directly to video + * memory via /dev/mem, it should never work at any + * other securelevel. + * XXX this will have to go + */ + if (securelevel >= 1) + disablexworkaround = 1; + else + disablexworkaround = suser(p->p_ucred, + &p->p_acflag); + if (vp->v_type == VCHR && disablexworkaround && + (flags & (MAP_PRIVATE|MAP_COPY))) + return (EINVAL); + /* * Ensure that file and memory protections are * compatible. Note that we only worr...

Timo, I have to test something on one of the BSD, namely related to src/lib/net.c . -- Member - Liberal International This is doctor@@nl2k.ab.ca Ici doctor@@nl2k.ab.ca God,Queen and country!Never Satan President Republic!Beware AntiChrist rising! http://www.fullyfollow.me/rootnl2k Look at Psalms 14 and 53 on Atheism Time for Stephen to move on on Oct 19 2015!!

...* a device is reused, users can retain ownership of the device + * if they are allowed to set flags and programs assume that + * chown can't fail when done as root. + */ + if ((vp->v_type == VCHR || vp->v_type == VBLK) && + ((error = suser_xxx(p->p_ucred, p, PRISON_ROOT)) != 0)) + return (error); + VOP_LEASE(vp, p, p->p_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, p); VATTR_NULL(&vattr); vattr.va_flags = flags; erro...