similar to: dovecot patch for TCB auth

Hi, an updated and more civilized post (to my one and only previous one) on getting OpenSSH to work on HP-UX 11 using the TCB. I used the HP ANSI C compiler. Firstly, I needed to download, compile and install OpenSSL, EGD and ZLib. Specific issues: configure did not handle hpux 11 login.c did not compile makefile did not use $(CFLAGS) sshd did not compile (pam issues), I wanted to use

On Tue, 7 Apr 2015, Laszlo Ersek wrote: > Whereas syslinux.efi apparently uses the embedded gpxe/ tree, and that > one uses TCP timestamps. See tcp_xmit() in gpxe/src/net/tcp.c: Actually syslinux.efi seems to be using the implementation calling into UEFI via these functions: http://git.kernel.org/cgit/boot/syslinux/syslinux.git/tree/efi/tcp.c I've tried to add debug messages to these

Hello, already checked the Mailinglist archive for HPUX Problems, but havent found exact this: ./configure --prefix=/opt --without-pam --with-ssl-dir=/opt/OpenSSL --with-lastlog=/var/adm/wtmp --with-egd-pool=/dev/entropy --with-tcp-wrappers --with-pid-dir=/var/run --sysconfdir=/etc/ssh and get after a make: gcc -O2 -Wall -D_HPUX_SOURCE -I/usr/local/include -I/opt/include

I'm using OpenSSH_3.5p1 (server protocol 2.0 ) on a Compaq device V5.1A with C2 Security (SIA) configured. I must set UsePrivilegeSeparation to no to get this working. Does anyone have PrivilegeSeparation working on a Compaq device with C2 Security configured? Source device: ssh user at destination ( produces these errors) sshd: /var/tcb/files/__db_lock.share: Permission denied sshd:

When -fstack-protector is turned on, linker fails to find the symbol "__stack_chk_guard" because at least for powerpc64le, glibc doesn't provide this symbol. Instead, they put the stack guard into TCB. x86 fixed this issue by injecting a special address space (which is later translated to TCB register access) and hard code the offset of stack_guard, but I don't see a easy way to

I found a bit weird to use address space for this, since the offset of getting stack_guard in TCB is, unfortunately, negative: https://github.com/gcc-mirror/gcc/blob/master/gcc/config/rs6000/linux64.h#L610 In my understanding an address space is referring to a segment register (-on powerpc 32bit; or SLB entry on powerpc 64bit?) with a non-negative offset value, so that it's actually accessing

I'll come up with a address-space-based proof of concept. On Wed, Feb 10, 2016, 17:05 Eric Christopher <echristo at gmail.com> wrote: > On Wed, Feb 10, 2016 at 5:04 PM Hal Finkel <hfinkel at anl.gov> wrote: > >> >> ------------------------------ >> >> *From: *"Eric Christopher" <echristo at gmail.com> >> *To: *"Tim

----- Original Message ----- > From: "Eric Christopher" <echristo at gmail.com> > To: "Tim Shen" <timshen at google.com>, llvm-dev at lists.llvm.org, "Hal > Finkel" <hfinkel at anl.gov>, "Kit Barton" <kbarton at ca.ibm.com> > Sent: Wednesday, February 10, 2016 6:59:50 PM > Subject: Re: [llvm-dev] [PPC] Linker fails on

On Tue, Nov 24, 2015 at 12:57 AM, Damien Miller <djm at mindrot.org> wrote: > TCP is the kernel's responsibility. I guess that these values get > copied into each TCB from the copy managed via proc at connection > start time, but never updated afterwards. > This had to happen but the question is why is it possible to increase a timeout but not to decrease it. --

Hi all, among other things, we provide shell access to various unix based platforms for our students and university staff. Recently, there has been increasing number of root login attacks on one particular Tru64 machine running OpenSSH. The host is configured with "PermitRootLogin no" but every once in a while SIA auth with TCB enhanced security locks the root account. I suppose

I'm trying to set up a full server backup using rsync 3.0.6. I'm using --fake-super, and SSH keys to access a remote server as a normal user. My problem is that there is a local directory that has permissions 0111 ("d--x--x--x"), and rsync throws an error trying to set the xattr: rsync: failed to read xattr user.rsync.%stat for "/roach/backup/root/tcb/lib":

I've looked at samba archives (mailing lists), I've looked at altavista, and deja.com. No help. I want to do a backup of NT machine using smbclient. I call it like: # smbclient //MACHINE/Share Pass -U Administrator -E -c tarmode full -D usr -d0 -Tc test.tar It starts fine, but after some time thing like this happen: ... Error reading file \usr\mail\Vanja\Attach\att11.eml. Got 0 bytes

Hello, I'm trying to find out how to pxe boot with syslinux.efi on QEMU with OVMF. After getting through the initial hurdle caused by the iPXE based option ROM included with QEMU having a problem as described in these threads: http://www.syslinux.org/archives/2014-November/022804.html http://sourceforge.net/p/edk2/mailman/message/33236100/ I'm now getting further to almost being able

We run HP-UX 11.00 in "Trusted Mode". This creates and mananges a tcb database for all the users on the system. I have created the attached patch, for openssh-4.3p2, to update the date/time of a successful login. I have tested this patch on several systems here, but I am sure there is a cleaner way to implement the updates into openssh. In a perfect world I would like to update the tcb

Hi All, I'm running into some issues accessing a Samba server that's in turn authenticating against a Win2k3-SP1 domain controller (security=ads). I understand there were some known issues corrected in a patch, and I'm currently running 3.0.15pre2, which I understand includes that patch. (http://samba.org/~jerry/patches/post-3.0.13/winbindd_2k3sp1.patch) All was working fine

On Mon, Feb 22, 2016 at 3:32 PM Joerg Sonnenberger via llvm-dev < llvm-dev at lists.llvm.org> wrote: > On Mon, Jan 25, 2016 at 07:57:43PM +0000, Tim Shen via llvm-dev wrote: > > A cleaner solution could be adding an IR intrinsic llvm.get_tcb_address() > > and hard code the offset of stack_guard member, since they aren't > supposed > > to change. > > It

I am running OpenSSH_6.7p1 on Slackware 14.1 x64. I haven't modified a stock config. On Linux TCP timeouts are controlled by these 3 files: $ cat /proc/sys/net/ipv4/tcp_keepalive_time \ > /proc/sys/net/ipv4/tcp_keepalive_intvl \ > /proc/sys/net/ipv4/tcp_keepalive_probes 7200 75 9 These are their default values. I modified them to 3, 1, 1 respecitively before establishing a new SSH

http://bugzilla.mindrot.org/show_bug.cgi?id=633 Summary: Password authentication fails in HP-UX trusted mode due to DISABLE_SHADOW Product: Portable OpenSSH Version: -current Platform: HPPA OS/Version: HP-UX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

This patch adds SMP support to the previous version. Since that has not been merged I have included it in this patch. This should apply cleanly to the tip. Below is the text of the original submittal, slightly updated. Attached is a preliminary patch that adds Intel(R) LaGrande Technology (LT) (Safer Mode Extensions - SMX) support to Xen. While there are still several enhancements needed for

to> A short time ago I recieved a reply to a query to> about compiling samba with the freeware gcc under to> sco unix. Im sorry, Ive misplaced your Email to> address and WEB address (which was in italian). to> Sorry to use this forum as a contact point, but to> can you contact me again? Thanks. to> to> Tony Nichols The WEB page is at