similar to: 0.99.14-rc2

Hi OpenSSH developers, I'm using OpenSSH on a daily basis and I'm very pleased with the work you've done. I am contributing to some Open Source software hosted at Savannah https://savannah.nongnu.org/projects/tsp and we recently hit some sftp unexpected behavior: https://savannah.gnu.org/support/?105838 when using chmod sftp client command it appears that setuid / setgid bits are

version: rsync v2.6.1 (+ a minor, unrelated patch). I'm rsyncing files (not as root) and am happy (indeed, for what I want, delighted) that the files at the target side end up owned by the account doing the rsync. However, I've found that if I have a setuid/setgid file on the source side, the target file ends up setuid/setgid too (but under a different id!). This happens whether

Hello Porters, I am attempting to compile OpenSSH 2.9.9p2 on a Dynix V4.4.4 host. I have set USE_PIPES and BROKEN_SAVED_UIDS (the latter because there are no functions for set{eu,eg}id() that I can find). I configured with "./configure '--with-libs=-lnsl -lsec'". Each time I attempt to login, I get this error: No utmp entry. You must exec "login" from

Hi, Trying to install the Solaris package I made after configure/compilation under Solaris 8. My configure settings --------------------- OpenSSH has been configured with the following options: User binaries: /usr/local/bin System binaries: /usr/local/sbin Configuration files: /usr/local/etc Askpass program: /usr/local/libexec/ssh-askpass

https://bugzilla.mindrot.org/show_bug.cgi?id=1893 Summary: change ssh-keisign to setgid from setuid Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org

The attached patch adds an option --drop-suid which caused rsync to drop setuid/setgid permissions from the destination files. ie, even if the source file is setuid, the target file will not be. Added as we want to rsync the same files to machines both inside and outside our firewalls. For machines inside the firewall some files should be suid, for machines outside the firewalls they should

Currently, we leave the group ID alone, but now that we're looking at KRB5CCNAME, we need to be a little more careful with credentials. After we get the uid, do a getpwuid and grab the default gid for the user. Then use setgid to set it before calling setuid. Signed-off-by: Jeff Layton <jlayton at samba.org> --- cifs.upcall.c | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed,

###### ## ## ###### ## ### ## ## ###### ## # ## ## ## ## ### ## ###### . ## ## . ######. Secure Networks Inc. Security Advisory February 24, 1997

On Tue, Jan 1, 2019 at 7:26 PM Sami Ketola <Sami.Ketola at open-xchange.com> wrote: > Believe me it does. I used to work for Sun Microsystems for 14 years in > Solaris support and sustaining and I can guarantee you that it does. > > You problem is that Solaris has concept of Secure Runtime Linker, and for > trusted applications most of LD_CONFIG and LD_LIBRARY_PATH is ignored

Dear list. I have a problem that I cannot seem to get rid of. I have a directory/share (on linux) called "smb" containing four subdirectories. This directory will be 'exported' using samba.I would like to have different permissions on the different subdirectories. This works, except for this one directory (called temp) that I want to be read/write for everybody. Using force

Ok, for those running NeXT and other platforms with broken/missing _POSIX_SAVED_ID please try this patch, and anyone that has spent any amount of time dealing with this problem. I believe it's right. BTW, this patch is no where near as big as it looks. The patch was done against an earily version of the tree which had an issue with white space. - Ben --- ../openssh/uidswap.c Sun Apr 22

Hello Porters, I've finally (thanks to Wendy Palm of Cray) ported OpenSSH to Dynix v4.4.4. I had to make sure that "UseLogin" was set to "no" in the sshd_config file. Also, here are the old-style contextual diffs (obtained with 'diff -c' on the Dynix box) of the two files I had to change: *** configure Sat Jun 16 17:09:50 2001 --- configure.new Mon Oct 8

I'm not happy with ssh being setuid root. I know that the long-term goal is to have a seperate host-key-management process, but that is a ways off. Until then, I'd like to propose the following: - Allow ssh to read alternate key files. This would allow the ssh client to use keyfiles different from the ones sshd uses. I know that this can be done now by changing the ones sshd uses,

The Neverending Story of X11 Insecurity continues... Summary: On a system where X11R6.3-based Xserver with XKEYBOARD extension (R6.1 is probably affected too) is run in setuid or setgid enviroment (e.g. typical XFree86 installation has XF86_* installed setuid root), local users can exploit a "feature" of XKB implementation to execute arbitrary commands with the extra privileges.

I saw the notes about blocking networking on the advanced wine user information wiki (http://wiki.jswindle.com/index.php/Advanced_Wine_User_Information#Blocking_Network_access_to_Software_running_on_Wine) and I thought I'd try to come up with something a bit easier than running the application as a particular user: (add the "nonet" group) Code: # groupadd nonet (setup the

I successfully chrooted R running Rserve with an unprivileged user, and thought I'd publish the process. Attached is a jailkit.ini for use with jailkit;* and a chroot/setuid wrapper, chwrap.c. To set up the chroot in, for instance, /var/R; perform: mkdir -v /var/R jk_init -v -c jailkit.ini -j /var/R R then create the unprivileged user `r': useradd r After compiling chwrap

Hello, I'm trying to get deliver LDA working with postfix in a virtual domain configuration. I'm using dovecot v1.0.rc10. My setup is pretty much exactly as in the wiki (only the path to deliver and auth-master socket are different). I'm having a little problem with permissions and this occurred which I think is undesirable: syslog: Feb 8 13:09:35

Hi Folks -- I've recently had the need to add a piece of functionality to rsync that allows one to run 'rsync --daemon' (rsync in "rsync server" mode) over SSH. My main goal was to be able to use some of the features from rsyncd.conf(5) (notably modules) while still using SSH for authentication and network transport. Background: I wanted to have the capability of setting

http://bugzilla.mindrot.org/show_bug.cgi?id=136 Summary: setgid() deemed to fail for non-suid ssh client on linux if using other than primary group Product: Portable OpenSSH Version: 3.0.2p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

Hello openssh developers, long time no see :-) there is a bug in sshd with *nix machines joined to Active Directory using Samba's winbind daemon. The problem is that with cold caches, a user logging in via ssh gets possibly the wrong primary gid assigned. Let me try to explain in detail: In Active Directory (AD) you only get a correct access token (group memberships of a user) during