similar to: [Bug 839] Privilege Separation + PAM locks users out

A non-text attachment was scrubbed... Name: openssh-setcred.patch Type: text/x-patch Size: 2735 bytes Desc: PAM and Kerberos Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040527/d7678ac6/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh-pam-privsep.patch Type: text/x-patch Size: 1171 bytes Desc: GSSAPIAuth PAM and

using openssh-3.8.1p1 from sunfreeware.com on a SunOS XXX 5.8 Generic_117000-03 sun4u sparc SUNW,Sun-Fire-V240. sshd seems to ignore or miss SIGCLD. this is a rare behaviour we observe about once per week in a ssh intensive environment. the process hangs here: truss: 24453: poll(0xFFBEEF28, 2, -1) (sleeping...) gcore, mdb: libc.so.1`_poll+4(b, 0, 0, ffbeef38, 6fc40,

Hi All. Attached is a patch that implements password expiry with PAM and privsep. It works by passing a descriptor to the tty to the monitor, which sets up a child with that tty as stdin/stdout/stderr, then runs chauthtok(). No setuid helpers. I used some parts of Michael Steffens' patch (bugid #423) to make it work on HP-UX. It's still rough but it works. Tested on Solaris 8 and

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

I recently started building a simulator using honeyd as an IP emulator and experienced an issue with hangs on exit from ssh and sftp sessions. A quick look at the OpenSSH source code revealed the following: In serverloop.c there is a signal handler defined for SIGCHLD as follows: static void sigchld_handler(int sig) { int save_errno = errno; debug("Received SIGCHLD.");

Hello! Please consider including the attached patch in the next release. It allows one to drop privilege separation code while building openssh by using '--disable-privsep' switch of configure script. If one doesn't use privilege separation at all, why don't simply allow him to drop privilege separation support completely? -- Sincerely Your, Dan. -------------- next part

Can I get people from other platforms to test the waitpid.patch to see if it solves hang-on-exit on their platform? I can confirm Solaris at this moment (but I've not done heavy testing at this moment) that is works like a charm (Solaris 7). It handles 'sleep 90&' vs 'nohup sleep 90&' correctly (killed, vs left). thanks. - Ben ---------- Forwarded message

Please find enclosed two patches for OpenSSH 3.1p1. The first patch solves a problem where sessions will be left "hanging" when you normally exit from a ssh shell (for example by logging out from the remote host via "exit" or "logout"). The problem seems to be that sshd (and some other parts of OpenSSH) doesn't check the return code and errno from waitpid() for

Initial problem: When running 'make test' the hands.test fails as indicated in problem #3711 and includes the line rsync error: unexplained error (code 63) at main.c(537) The code # changes each time the test is run. Using HP C-ANSI-C B.11.11.02. configure line: CFLAGS="-O" ./configure --prefix=/opt/local In tracking this down, this is what I found: In main.c a

Hi Darren/Damien, Sorry for responding so late. Still hope we can get this sorted out. Yes I am indeed using PAM for ssh authentication and disabling priv seperation is a no-go for us since it opens up a security loophole. From what I can see in ptree and auth logs, when the child passwd process returns with SIGCHLD, the parent sshd process terminates. Sshd logs are as follows as requested at

Hi all, I've recently tried rsync in daemon mode on AIX. Unfortunately, after handling connections, the daemon segfaulted. I've located this problem to the signal handler for SIGCHLD in socket.c - it seems reinstalling the signal handler before doing waitpid caused the signal to be redelivered, so the program recurses to the signal handler before it runs out of stack space in the end and

Rsync maintainers please review rsync bug https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=98740 The code in question is in socket.c in start_accept_loop. The user is getting these warning messages:

FWIW, after patching the mmap issue, openssh still doesn't work on linux kernel 2.0.39 (+ patches): sshd[22202]: fatal: mm_receive_fd: expected type 1 got 2355841 I didn't dig deeper into it yet, but I believe 2.0 kernel does not support the kind of recvmsg() use privsep expects. -- v -- v at iki.fi

http://bugzilla.mindrot.org/show_bug.cgi?id=319 ------- Additional Comments From mouring at eviladmin.org 2002-06-29 02:59 ------- Created an attachment (id=120) Sounds like an SIA issue w/ privsep. Does this fix it? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Package: xen-hypervisor-3.0.3-rc1-i386 Version: 3.0.3~rc1+hg11686-1 Severity: grave Hello, xen-hypervisor-3.0.3-rc1-i386 fails to install: Setting up xen-hypervisor-3.0.3-rc1-i386 (3.0.3~rc1+hg11686-1) ... Searching for GRUB installation directory ... No GRUB directory found. To create a template run 'mkdir /boot/grub' first. To install grub, install it manually or try the

On 2.3.0p1, we have been experiencing the SSH2 stdout truncation problem that was reported by a few users. I built the 20010115 snapshot. It seems to correct the problem but before I was able to test it, I had to change sigchld_handler2 so it would not reset the signal handler before waitpid is called. On Irix, it seems a SIGCHLD is delivered for ever... I haven't tried the last snapshots so

Hi Rich, On Fri, Nov 9, 2018 at 1:19 PM, Richard W.M. Jones <rjones@redhat.com> wrote: > Peter Dimitrov and myself were debugging a very peculiar bug when > libguestfs is run as a plugin from collectd: > > https://www.redhat.com/archives/libguestfs/2018-November/thread.html#00023 > > The long story short is that collectd leaks SIGCHLD == SIG_IGN setting > into

On Fri, Nov 09, 2018 at 12:19:30PM +0000, Richard W.M. Jones wrote: > Peter Dimitrov and myself were debugging a very peculiar bug when > libguestfs is run as a plugin from collectd: > > https://www.redhat.com/archives/libguestfs/2018-November/thread.html#00023 > > The long story short is that collectd leaks SIGCHLD == SIG_IGN setting > into plugins: > >

http://bugzilla.mindrot.org/show_bug.cgi?id=182 Summary: ssh should still force SIGCHLD to be SIG_DFL when calling ssh-rand-helper Product: Portable OpenSSH Version: 3.1p1 Platform: ix86 OS/Version: All Status: NEW Severity: normal Priority: P3 Component: ssh AssignedTo:

Hi What if you have sysv signals (i.e. signal is restored when handler is called) and child process exits here? Zombie will be left, because SIGCHLD is ignored at that point. Shouldn't signal be before waitpid? Mikulas static void main_sigchld_handler(int sig) { int save_errno = errno; pid_t pid; int status; while ((pid = waitpid(-1, &status, WNOHANG))