search for: tcb

...t all and still authenticate on a DEC alpha running OSF1 [digital unix] V5.1 732, an authentication profile is maintained for each of them on the system. This user profile is kept in the protected password database, accessible only to trusted programs acting on behalf of the trusted computing base (TCB). Some TCB fields are useful to us so we're planning to use their LDAP attibute equivalents and we wrote a custom LDAP shema that includes those which were missing from the standard openLDAP distribution [see details below]. So we're planning (in fact are about to) patch dovecot-1.x in or...

...to add debug messages to these functions and got the following: core_tcp_connect: connecting core_tcp_connect: connected core_tcp_connect: at out: closing CompletionToken core_tcp_write: Sending 227 bytes tcp transmit failed, Access Denied Meanwhile on the OVMF side I could get these debug logs: Tcb (3F296898) state TCP_CLOSED --> TCP_SYN_SENT TcpToSendData: set RTT measure sequence 464107706 for TCB 3F296898 Tcb (3F296898) state TCP_SYN_SENT --> TCP_ESTABLISHED TcpComputeRtt: new RTT for TCB 3F296898 computed SRTT: 0 RTTVAR: 0 RTO: 5 TcpInput: connection established for TCB 3F296898 in...

...2.0 ) on a Compaq device V5.1A with C2 Security (SIA) configured. I must set UsePrivilegeSeparation to no to get this working. Does anyone have PrivilegeSeparation working on a Compaq device with C2 Security configured? Source device: ssh user at destination ( produces these errors) sshd: /var/tcb/files/__db_lock.share: Permission denied sshd: /var/tcb/files/__db_lock.share: Permission denied sshd: /var/tcb/files/__db_lock.share: Permission denied sshd: /var/tcb/files/__db_lock.share: Permission denied sshd: /var/tcb/files/__db_lock.share: Permission denied Cannot obtain database information...

Hi, an updated and more civilized post (to my one and only previous one) on getting OpenSSH to work on HP-UX 11 using the TCB. I used the HP ANSI C compiler. Firstly, I needed to download, compile and install OpenSSL, EGD and ZLib. Specific issues: configure did not handle hpux 11 login.c did not compile makefile did not use $(CFLAGS) sshd did not compile (pam issues), I wanted to use supplied pam library I use...

Hello, already checked the Mailinglist archive for HPUX Problems, but havent found exact this: ./configure --prefix=/opt --without-pam --with-ssl-dir=/opt/OpenSSL --with-lastlog=/var/adm/wtmp --with-egd-pool=/dev/entropy --with-tcp-wrappers --with-pid-dir=/var/run --sysconfdir=/etc/ssh and get after a make: gcc -O2 -Wall -D_HPUX_SOURCE -I/usr/local/include -I/opt/include

When -fstack-protector is turned on, linker fails to find the symbol "__stack_chk_guard" because at least for powerpc64le, glibc doesn't provide this symbol. Instead, they put the stack guard into TCB. x86 fixed this issue by injecting a special address space (which is later translated to TCB register access) and hard code the offset of stack_guard, but I don't see a easy way to handle address spaces in ppc. A cleaner solution could be adding an IR intrinsic llvm.get_tcb_address() and hard...

...t; llvm-dev at lists.llvm.org> wrote: >> >>> When -fstack-protector is turned on, linker fails to find the symbol "__stack_chk_guard" >>> because at least for powerpc64le, glibc doesn't provide this symbol. >>> Instead, they put the stack guard into TCB. >>> >>> x86 fixed this issue by injecting a special address space (which is >>> later translated to TCB register access) and hard code the offset of >>> stack_guard, but I don't see a easy way to handle address spaces in ppc. >>> >> >> &...

I found a bit weird to use address space for this, since the offset of getting stack_guard in TCB is, unfortunately, negative: https://github.com/gcc-mirror/gcc/blob/master/gcc/config/rs6000/linux64.h#L610 In my understanding an address space is referring to a segment register (-on powerpc 32bit; or SLB entry on powerpc 64bit?) with a non-negative offset value, so that it's actually access...

Hello, I'm trying to find out how to pxe boot with syslinux.efi on QEMU with OVMF. After getting through the initial hurdle caused by the iPXE based option ROM included with QEMU having a problem as described in these threads: http://www.syslinux.org/archives/2014-November/022804.html http://sourceforge.net/p/edk2/mailman/message/33236100/ I'm now getting further to almost being able

...vm-dev at lists.llvm.org > wrote: > > When -fstack-protector is turned on, linker fails to find the > > symbol > > " __stack_chk_guard" because at least for powerpc64le, glibc > > doesn't > > provide this symbol. Instead, they put the stack guard into TCB. > > > x86 fixed this issue by injecting a special address space (which is > > later translated to TCB register access) and hard code the offset > > of > > stack_guard, but I don't see a easy way to handle address spaces in > > ppc. > Why is handling addre...

On Tue, Nov 24, 2015 at 12:57 AM, Damien Miller <djm at mindrot.org> wrote: > TCP is the kernel's responsibility. I guess that these values get > copied into each TCB from the copy managed via proc at connection > start time, but never updated afterwards. > This had to happen but the question is why is it possible to increase a timeout but not to decrease it. -- <wempwer at gmail.com>

...ell access to various unix based platforms for our students and university staff. Recently, there has been increasing number of root login attacks on one particular Tru64 machine running OpenSSH. The host is configured with "PermitRootLogin no" but every once in a while SIA auth with TCB enhanced security locks the root account. I suppose the problem could be solved at two separate levels, for SIA only in auth-sia.c, or for any password using auth method in auth-passwd.c. I'd prefer a fix just for auth-passwd.c, are there any reasons to try out auth_krb5_password, sshpam_au...

We run HP-UX 11.00 in "Trusted Mode". This creates and mananges a tcb database for all the users on the system. I have created the attached patch, for openssh-4.3p2, to update the date/time of a successful login. I have tested this patch on several systems here, but I am sure there is a cleaner way to implement the updates into openssh. In a perfect world I would li...

...ing --fake-super, and SSH keys to access a remote server as a normal user. My problem is that there is a local directory that has permissions 0111 ("d--x--x--x"), and rsync throws an error trying to set the xattr: rsync: failed to read xattr user.rsync.%stat for "/roach/backup/root/tcb/lib": Permission denied (13) It appears that rsync knows to create remote files with u+rw, but not directories. Is this a bug, or am I missing something? The full command I'm using is: rsync --stats -v -axH --inplace --delete --rsync-path="rsync --fake-super" / user at remote...

...Got 0 bytes Didn't get entire file. size=2305, nread=0 2305 ( 57.7 kb/s) \usr\mail\Vanja\Attach\att13.eml ... And it goes on and on. On 350Mb of data, I get around 250 errors. Not to mention that 100 of those 250 are *critical* (for me) files :) I tried to modify the blocksize (using -Tcb <value> <filename>) but the only difference is that errors start happening earler or later. And always at same place, when using same blocksize. Does anybody know what could be the problem? Thanks in advance. Regards, Vanja Hrustic -- Siam Relay Ltd. http://www.siamrelay.com http:...

....168.0.255 nmask=255.255.255.0 Client started (version 3.0.15pre2). Connecting to 192.168.0.52 at port 445 Password: Doing spnego session setup (blob length=112) got OID=1 2 840 113554 1 2 2 got OID=1 2 840 48018 1 2 2 got OID=1 3 6 1 4 1 311 2 2 10 got principal=linux-test$@TCB.INTERNAL Got challenge flags: Got NTLMSSP neg_flags=0x60890215 NTLMSSP: Set final flags: Got NTLMSSP neg_flags=0x60080215 NTLMSSP Sign/Seal - Initialising with flags: Got NTLMSSP neg_flags=0x60080215 SPNEGO login failed: Logon failure session setup failed: NT_STATUS_LOGON_FA...

On Mon, Feb 22, 2016 at 3:32 PM Joerg Sonnenberger via llvm-dev < llvm-dev at lists.llvm.org> wrote: > On Mon, Jan 25, 2016 at 07:57:43PM +0000, Tim Shen via llvm-dev wrote: > > A cleaner solution could be adding an IR intrinsic llvm.get_tcb_address() > > and hard code the offset of stack_guard member, since they aren't > supposed > > to change. > > It would also be inefficient on architectures that can directly access > TLS variables. I.e. on x86, it is effectively a statically allocated TLS > variable w...

I am running OpenSSH_6.7p1 on Slackware 14.1 x64. I haven't modified a stock config. On Linux TCP timeouts are controlled by these 3 files: $ cat /proc/sys/net/ipv4/tcp_keepalive_time \ > /proc/sys/net/ipv4/tcp_keepalive_intvl \ > /proc/sys/net/ipv4/tcp_keepalive_probes 7200 75 9 These are their default values. I modified them to 3, 1, 1 respecitively before establishing a new SSH

http://bugzilla.mindrot.org/show_bug.cgi?id=633 Summary: Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

I'm especially interested in the original data that was used to derive the constant buffer arguments. I'm looking for the texture unit switch for tiling format, and i'm hoping the original data will easily reveal it. Maarten.