similar to: [Bug 1105] Privilege Separation

http://bugzilla.mindrot.org/show_bug.cgi?id=1105 Summary: Privledge Separation Product: Portable OpenSSH Version: 4.2p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: giffordj at linkline.com

http://bugzilla.mindrot.org/show_bug.cgi?id=1123 Summary: Never Completes Generating Keygen Product: Portable OpenSSH Version: 4.2p1 Platform: Other OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh-keygen AssignedTo: bitbucket at mindrot.org ReportedBy: giffordj at

hi ! i have succesfully compiled libshout/icecast/ices on a quad ss20 (4xhypersparc@125mhz, 128mb ram). ten out of ten for a robust, cross-platform build, guys ! it compiled straight out of the box. i can start the server and it even connects to a remote server and starts to relay. when i run xmms from another machine and connect, it stops at "pre-buffering 0/32k". here's an

Is this a known problem? Niels. ----- Forwarded message from Judah Levine <jlevine at utcnist.colorado.edu> ----- Date: Fri, 5 Jul 2002 08:58:46 -0600 (MDT) From: Judah Levine <jlevine at utcnist.colorado.edu> To: provos at citi.umich.edu Subject: Privilege separation Hello, I have just installed openssh-3.4p1 on a COMPAQ/DEC/HP Alpha running True64 UNIX v4.0F. The privilege

Hello all, I have a question about the design of the privilege separation aspect of openSSH. From what I understand, the interface between the privileged process and the unprivileged one is implemented as a set of well-defined operations with only a small subset of these operations enabled at any given time. These operations are enabled and disabled depending on the task at hand. What I am

http://bugzilla.mindrot.org/show_bug.cgi?id=319 Summary: Privilege Separation failing on OSF1 v5.1 Product: Portable OpenSSH Version: -current Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=327 Summary: monitor_fdpass.c: Expected 1 got 1075033556 - Privilege Separation Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: Miscellaneous AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=331 Summary: ssh w/o privilege separation does not work for non-root users Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P3 Component: ssh AssignedTo:

A non-text attachment was scrubbed... Name: openssh-setcred.patch Type: text/x-patch Size: 2735 bytes Desc: PAM and Kerberos Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040527/d7678ac6/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh-pam-privsep.patch Type: text/x-patch Size: 1171 bytes Desc: GSSAPIAuth PAM and

http://bugzilla.mindrot.org/show_bug.cgi?id=382 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From markus at openbsd.org 2002-09-11

FWIW, after patching the mmap issue, openssh still doesn't work on linux kernel 2.0.39 (+ patches): sshd[22202]: fatal: mm_receive_fd: expected type 1 got 2355841 I didn't dig deeper into it yet, but I believe 2.0 kernel does not support the kind of recvmsg() use privsep expects. -- v -- v at iki.fi

When the unprivileged child has chrooted it can no longer open /etc/resolv.conf, so if the resolver hasn't yet initialized itself then dns lookups will not be possible. This is unfortunately what normally happens, but sshd falls back gracefully. There are a couple of wrinkles: the resolver will typically try talking to a nameserver on the local host by default (using INADDR_ANY rather than

http://bugzilla.mindrot.org/show_bug.cgi?id=319 ------- Additional Comments From mouring at eviladmin.org 2002-06-29 02:59 ------- Created an attachment (id=120) Sounds like an SIA issue w/ privsep. Does this fix it? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=331 ------- Additional Comments From norbert.bladt at t-systems.ch 2002-07-03 17:34 ------- Forgot to mention the kernel version: 2.2.14-5.0, sorry. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=331 ------- Additional Comments From djm at mindrot.org 2002-09-10 22:11 ------- Are there any messages left in the log on the server end? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=331 ------- Additional Comments From djm at mindrot.org 2003-01-07 18:23 ------- 3 months, no followup == no bug ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

I'm using a simple mbox config with regular Unix users and pam authentication. I'm also using grsecurity. That's why I see what dovecot does in which users' name. As times goes by and new versions are coming I can frustratedly see, that more and more tasks are performed as root. Why? When I used 1.x series of Dovecot, imap process started in the name of the user whose mbox was

http://bugzilla.mindrot.org/show_bug.cgi?id=327 ------- Additional Comments From jmknoble at pobox.com 2002-07-02 04:11 ------- Could you please check the error message again? Is it: mm_receive_fd: recvmsg: expected received 1 got nnnnnnnn or is it this: mm_receive_fd: expected type 1 got nnnnnnnn ? Those are two different problems, within a few lines of each other. The exact text

http://bugzilla.mindrot.org/show_bug.cgi?id=839 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #600 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-05-21 13:08 -------

Something really hosed Digital/Tru64 UNIX SIA support in 2.5.2p1. I haven't been able to figure out what changed in the code, but the symptom seems to be that the TTY name being registered with SIA is truncated to eight characters. This apparently prevents it from matching with entries in the tty database, and the dreaded "Cannot obtain database information on this terminal