Displaying 20 results from an estimated 2000 matches similar to: "[Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful"
2003 Sep 16
1
OpenSSH 3.7p1, PrivSep, and Tru64 broken (sorry)
Well, I had just finally gotten around to downloading a snapshot to test
the latest on Tru64 a couple of days ago but hadn't had a chance to
build it yet, and 3.7p1 has now been released. Sigh.
The problem is that Tru64 setreuid() and setregid() are broken, so
privsep doesn't work.
This could also be a security problem for SIA authentication in general
(any version of OpenSSH on Tru64,
2004 Aug 25
6
sshd 3.9p1 under Reliant Unix 5.45: getpeername: Operation not supported on transport endpoint
The following is special to sshd 3.9p1 under ReliantUnix 5.45. It does
not occur under ReliantUnix 5.43 nor under Solaris 5.8:
`pwd`/sshd-3.9 -e -D -d -d -d
Now connecting from outside
[...]
debug1: inetd sockets after dupping: 3, 3
debug1: get_port() calls get_sock_port(3)
debug1: getpeername failed:
Operation not supported on transport endpoint
lsof proves FD 3 is an established TCP
2001 Aug 20
4
[PATCH] some patches for Fujitsu-Siemens ReliantUNIX, minor fixes and XXXes
Hi,
attached please find some patches for ReliantUNIX. This was tested under
Reliant UNIX V5.43C40 with Compiler CDSDEV V2.0C00.
Here is what I did:
- there is a common misunderstanding how to use /usr/libucb/libucb.a:
There are some library functions only in libucb.a under ReliantUNIX, so
one needs to bind it. The problem is: there are some other functions in
this library you should never
2003 Sep 17
8
[Bug 657] Priv seperation causes setreuid error
http://bugzilla.mindrot.org/show_bug.cgi?id=657
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Priv seperation causes |Priv seperation causes
|segfault |setreuid error
------- Additional Comments From dtucker at
2003 Sep 23
5
[Bug 710] ReliantUnix: -ldl missing when libcrypto is a shared object
http://bugzilla.mindrot.org/show_bug.cgi?id=710
Summary: ReliantUnix: -ldl missing when libcrypto is a shared
object
Product: Portable OpenSSH
Version: -current
Platform: MIPS
OS/Version: other
Status: NEW
Severity: normal
Priority: P3
Component: Build system
AssignedTo:
2003 Sep 19
1
configure fixes for Tru64 UNIX V4.0x
1) Testing of uidswap.c on a Tru64 UNIX V4.0G PK4 (BL22) machine shows the
following defines to be required for correct uid changing semantics:
#define BROKEN_SETREGID 1
#define BROKEN_SETREUID 1
#define SETEUID_BREAKS_SETUID 1
Failure to fix these contributes to breaking privilege separation
(in a safe way: connections will fail while UsePrivilegeSeparation=yes,
thanks to
2005 Nov 16
3
OpenSSH on NCR MPRAS
Hi folks,
I have successfully compiled and run OpenSSH 4.1p1 on NCR MPRAS:
$ uname -a
UNIX_SV support1 4.0 3.0 3446 Pentium Pro(TM)-EISA/PCI
$
However, I have found one pretty critical problem, arising from the way
that MPRAS handles changes to the IP stack.
Background:
To update any of the IP or TCP configuration options, system
administrators should use the program "tcpconfig".
2003 Sep 18
0
Darwin notes for openssh-3.7.1p1
I was able to build working openssh-3.7.1p1 on the Darwin-ppc-1.4 , 5.5, and 6.0 platform, by
setting the following by hand in config.h.
#define SETEUID_BREAKS_SETUID
#define BROKEN_SETREUID
#define HAVE_SETEUID 1
/* #undef HAVE_SETREUID 1 */
For Darwin-x86-6.6.1, it built with the following.
#define SETEUID_BREAKS_SETUID
/* #undef BROKEN_SETREUID */
#define HAVE_SETEUID 1
/* #undef
2003 Sep 20
2
[Bug 693] Missing definitions in configure scripts
http://bugzilla.mindrot.org/show_bug.cgi?id=693
Summary: Missing definitions in configure scripts
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: ix86
OS/Version: other
Status: NEW
Severity: normal
Priority: P4
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2003 Sep 17
8
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653
Summary: sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: Alpha
OS/Version: other
Status: NEW
Severity: critical
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2003 Sep 16
6
sshd 3.7p1 dies on MacOSX
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Here's the output from running sshd in debug mode:
debug1: sshd version OpenSSH_3.7p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: setgroups() failed:
2003 Nov 18
5
Testing of recent commits
There have been a few recent commits to portable OpenSSH that require
testing. It would be appreciated if you could grab the 20031118 (or
later) snapshot and give it a try on your platforms of choice.
Ideally, "giving it a try" means running the regress tests, in addition
to casual (non-production) use and reporting your experiences back to
the list. The more platforms and compile-time
2004 Aug 17
1
[Bug] LTP: mkdir fail after setreuid
For chdir03 investigation result:
The fail is caused by the mkdir fail after setreuid.
Key code in the test case:
if ((pid =3D fork()) < 0) {
tst_brkm(TBROK, cleanup, "first fork failed");
}
if (pid =3D=3D 0) { /* first child */
/* set the child's ID to ltpuser1 */
if (setreuid(ltpuser1->pw_uid,
2004 Jan 26
1
patch for linux capabilities
I was wondering if it might be possible for an rsync developer to
look over the attached patch (tested on Linux 2.4.24 against the
rsync-2.6.0 release), and offer suggestions on how I could improve it.
Basically I want to use Linux finer grained capabilities to retain
only CAP_SYS_CHROOT & CAP_DAC_READ_SEARCH when rsync drops root
privs. That way I can take whole system backups as a (mostly)
2000 Oct 03
1
Various platforms
Hello,
I've been compiling OpenSSH up on just about every platform that I can
get my hands on. I am not certain of the best way of building my
'fixes' into the source tree, not least of all since I didn't worry about
#ifdef's or the configure scripts. However hopefully this will be of use
to you. This is all for openssh-2.2.0p1 compiled alongside
openssl-0.9.5a and
2003 Sep 17
16
[Bug 659] sshd failure on IRIX
http://bugzilla.mindrot.org/show_bug.cgi?id=659
Summary: sshd failure on IRIX
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: MIPS
OS/Version: IRIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: bugzilla-openssh at
2002 Sep 04
2
uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)
What do we loose by not having post-auth privsep?
What code is executed between authorization and actual setting of the
effective uid?
On Tue, 3 Sep 2002, Chris Adams wrote:
> Once upon a time, Toni L. Harbaugh-Blackford <harbaugh at nciaxp.ncifcrf.gov> said:
> > It appears that the integration of the sia session setup will either
> > have to be rethought or abandoned
2003 Sep 17
3
Use the OpenSSH 3.6 uidswap.c for building 3.7 under IRIX
[resending with uidswap.c instead of uidwrap.c]
Once I got past the missing inet_ntoa.h weirdness, I ran into an sshd
that died a lot. It appears that IRIX doesn't like some of the extra
checks added between 1.23 and 1.24 of uidswap.c. Not sure if that
constitutes an IRIX bug or not, but helpfully this helps someone.
--
Mail: mjo at dojo.mi.org WWW: http://dojo.mi.org/~mjo/ Phone: +1
2005 Sep 19
1
ssh hangs or gives Segmentation fault
Details of installation attached.
Effect: when I build and test (with full path names) ssh in the openssh...
directory, everything works fine. When I "install" it as per attached file
into a test-directory and run it from there, there are 2 phenomena:
either it just hangs, eating 96% of CPU
or it dies with a Segmentation fault (this is what happens most often)
Help needed
1999 Mar 10
1
Bug in set_effective_uid on AIX 4.1.5 /4.3.2 Samba 2.0.3
Dear samba-Team,
The bug reported in PR#12819 for AXI 4.1.5 persits
also in samba 2.0.3.
The Bug prevents the connecting of other users as root to any
share.
I have a workaround/fix tested on AIX 4.1.5 ,4.3.2 with
gcc 2.8.1 here:
Change samba-2.0.3/source/lib/util_sec.c
funktion set_effective_uid like this:
155c155
< #elif defined(HAVE_SETREUID)
---
> #elif defined(HAVE_SETREUID)