Displaying 20 results from an estimated 200 matches similar to: "ssh drops privs when it can't find ~/.ssh/prng_seed"
2001 Sep 28
1
openssh-2.9.9p2 assumes pid_t, uid_t, etc. are not 'long'
openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no
wider than int. GCC complains about this assumption on 32-bit Solaris
8 sparc, where these types are 'long', not 'int'. This isn't an
actual problem at runtime on this host, as long and int are the same
width, but it is a problem on other hosts where pid_t is wider than
int. E.g., I've heard that 64-bit
2000 Oct 11
1
Bug in OpenSSH 2.2.0p1
In line 542 of entropy.c is the owner of the PRNG seedfile checked. Root is
also a valid owner of this file.
So the line must be:
if (((st.st_mode & 0177) != 0) || !( (st.st_uid == original_uid) || (st.st_uid == 0) ) )
Regards,
Martin
---
Martin Luig
email: email at Martin-Luig.de
2006 May 15
0
[PATCH 12/12] bug fix: openssh 4.3p2 ssh-rand-helper bugs
There are 2 bugs here. Since mkdir can return an error. The rest of
the function's operations depend on this directory being created thus an
error should be handled at this point.
The second is f is never closed. This patch adds the needed fclose.
This entire set of patches passed the regression tests on my system.
Bugs found by Coverity.
Signed-off-by: Kylene Hall <kjhall at
2007 Jun 09
3
''reconfigurable'' option for package providers
The deb-oriented package providers (and others perhaps, it''s only debian
I''m looking at right now) allow one to set a seedfile with the
appropriate debconf responses when installing a package. However, there
doesn''t seem to be a tidy way inherent to puppet to handle reconfiguring
the package if the seedfile changes.
It can be done quite easily with something like the
2002 Jan 22
4
ssh-rand-helper
Now that ssh-rand-helper has been segregated into a separate program,
I'd like to revisit an old question about its entropy gathering.
- would it be desirable to make it possible for ssh-rand-helper to fall
back to external commands if PRNGD cannot be reached, instead of
choosing one or the other at compile time?
- When using PRNGD, the program gets 48 bytes of entropy from PRNGD,
2000 May 10
3
Trying to build OpenSSH-2.1.0 on HP-UX 10.20
Hi,
I just tried building of OpenSSH-2.1.0 on HP-UX 10.20 and found the following
items:
- The configure command I used at the beginning:
CC=cc CFLAGS="-Ae +O2 +DAportable" CPPFLAGS="-I/usr/local/include -I/usr/local/s
sl/include -I/usr/include/X11R6" LDFLAGS="-L/usr/local/lib -L/usr/local/ssl/lib
-L/usr/lib/X11R6" ./configure --prefix=/usr/local/openssh
2001 Feb 01
0
warnings on aix325
Hi,
I'm trying to compile openssh2.3.0p1 on aix3.2.5.
Can I ignore this list of warning messages?
bsd-bindresvport.c: In function `bindresvport_af':
bsd-bindresvport.c:94: warning: implicit declaration of function `bind'
bsd-rresvport.c: In function `rresvport_af':
bsd-rresvport.c:64: warning: implicit declaration of function `bzero'
bsd-rresvport.c:82: warning: implicit
2005 Feb 16
11
[Bug 968] OpenSSH 3.8p1 PRNG seed extraction failed error
http://bugzilla.mindrot.org/show_bug.cgi?id=968
djm at mindrot.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #760| |ok?
Flag| |
------- Additional Comments From djm at mindrot.org 2005-02-16 11:24 -------
2001 Jun 07
2
Patch to enable multiple possible sources of entropy
I have a need to have the same OpenSSH binaries run on multiple machines
which are administered by different people. That means on Solaris, for
example, there will be some with /dev/random, some on which I can run prngd
because they'll be installing my binaries as root, and some which will have
neither because they will be only installed as non-root. Below is a patch
to enable choosing all 3
2002 Apr 07
0
[Bug 208] New: SCO build/runtime fixes
http://bugzilla.mindrot.org/show_bug.cgi?id=208
Summary: SCO build/runtime fixes
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: gert at
2000 Aug 25
1
[patch] configurable ssh_prng_cmds
The following patch against openssh-SNAP-20000823 allows to override the
compile-time "ssh_prng_cmds" file at run time by adding new options to the
server and client configurations. (We move binaries around a bit, and this was
the only absolute path that couldn't be fixed at run-time).
Regards
Jan
diff -ur openssh-SNAP-20000823.orig/entropy.c openssh-SNAP-20000823.new/entropy.c
2008 Jun 14
0
[Bug 1249] pam_open_session called with dropped privs
https://bugzilla.mindrot.org/show_bug.cgi?id=1249
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |dtucker at zip.com.au
--- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2008-06-15 05:27:49
2010 Sep 03
0
Using samba4 to escalate privs.
Ye ol' sidHistory edit attack in new disguise using samba4. I don't think
you can consider it to be a hack but I had a lot of fun playing about with
ldbedit. Samba4 is wikked, it really opens up AD, I had a lot of fun setting
it up. Check my blogg for my little sidHistory priv escalation tutorial
(domain admin to enterprise admin).
2006 Oct 09
3
[Bug 1249] pam_open_session called with dropped privs
http://bugzilla.mindrot.org/show_bug.cgi?id=1249
Summary: pam_open_session called with dropped privs
Product: Portable OpenSSH
Version: 4.4p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: bitbucket at mindrot.org
ReportedBy: dleonard at
2006 Sep 08
1
smbusers and root privs
Running samba-3.0.23c on Genoo linux
Is it possible with smbusers to allow a windows user to have root
privleges on a linux share?
A stock install of samba on Gentoo ends up with an /etc/samba/smbusers
file that contains this mapping:
root = administrator admin
It appears then that other windows users could as well be mapped to
root like:
root = administrator admin harry
and since I am the
2007 Jan 31
1
[patch?] dtrace privs in zones ?
Hello,
According to
http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4970596 and
other notes I read
it appears that the ability to run dtrace programs (by having
dtrace_proc and dtrace_user privileges configured inside NGZ''s)
has been made available (through various projects) since build 37 of
Nevada. I am not merely referring to configurable privileges alone, but
to
2021 Dec 29
1
Wiki editing privs
Hi,
I'd like to (re-)request permission to edit wiki.centos.org. My username
is ThomasDoczkal.
I noticed that Cloud/Manage/Ansible is outdated and would like to update
it where links to external pages are still available.
From there I'd like to update
Cloud/*
Documentation/*
TipsAndTricks/*
HowTos/*
Best Regards,
Thomas
2010 Sep 11
1
Admin Privs When Joining Domain
Hello,
When I attempt to join the domain using YaST (openSUSE's system
configuration tool) or 'net join DOMAIN,' it prompts me for a network
admin's username/password. The IT network admin already manually joined the
machine to the network's AD domain (server-side), but Samba still needs a
username/password. The workstations are batch-installs and are unattended,
so we need a
2005 Jan 05
1
PDC moved; domain admin user lost privs
Greetings,
We recently moved our Samba PDC from one linux-based samba server to
another. I copied samba's settings (rsync'd /etc/samba/*) exactly, and
the new PDC has the same IP address, host name and overall config. (same
version of samba, same kernel, etc)
Since moving the PDC, Windows XP workstations no longer recognize the
smb.conf defined "admin users" as domain
2006 Oct 06
1
Backing up individual user home dirs using user privs.
Hey All,
After RTM, web page and searching the archives, I felt it worth a shot at
mailing the list with my query.
I am looking at using rsync and various third party GUI's (rsyncX, nasbackup)
to backup our departmental desktops to our nice new multi-terabyte
fileserver.
When we run rsync in daemon mode, it of course runs as nobody:nogroup and I am
aware of being able to set that to any