similar to: ssh drops privs when it can't find ~/.ssh/prng_seed

openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no wider than int. GCC complains about this assumption on 32-bit Solaris 8 sparc, where these types are 'long', not 'int'. This isn't an actual problem at runtime on this host, as long and int are the same width, but it is a problem on other hosts where pid_t is wider than int. E.g., I've heard that 64-bit

In line 542 of entropy.c is the owner of the PRNG seedfile checked. Root is also a valid owner of this file. So the line must be: if (((st.st_mode & 0177) != 0) || !( (st.st_uid == original_uid) || (st.st_uid == 0) ) ) Regards, Martin --- Martin Luig email: email at Martin-Luig.de

There are 2 bugs here. Since mkdir can return an error. The rest of the function's operations depend on this directory being created thus an error should be handled at this point. The second is f is never closed. This patch adds the needed fclose. This entire set of patches passed the regression tests on my system. Bugs found by Coverity. Signed-off-by: Kylene Hall <kjhall at

The deb-oriented package providers (and others perhaps, it''s only debian I''m looking at right now) allow one to set a seedfile with the appropriate debconf responses when installing a package. However, there doesn''t seem to be a tidy way inherent to puppet to handle reconfiguring the package if the seedfile changes. It can be done quite easily with something like the

Now that ssh-rand-helper has been segregated into a separate program, I'd like to revisit an old question about its entropy gathering. - would it be desirable to make it possible for ssh-rand-helper to fall back to external commands if PRNGD cannot be reached, instead of choosing one or the other at compile time? - When using PRNGD, the program gets 48 bytes of entropy from PRNGD,

Hi, I just tried building of OpenSSH-2.1.0 on HP-UX 10.20 and found the following items: - The configure command I used at the beginning: CC=cc CFLAGS="-Ae +O2 +DAportable" CPPFLAGS="-I/usr/local/include -I/usr/local/s sl/include -I/usr/include/X11R6" LDFLAGS="-L/usr/local/lib -L/usr/local/ssl/lib -L/usr/lib/X11R6" ./configure --prefix=/usr/local/openssh

Hi, I'm trying to compile openssh2.3.0p1 on aix3.2.5. Can I ignore this list of warning messages? bsd-bindresvport.c: In function `bindresvport_af': bsd-bindresvport.c:94: warning: implicit declaration of function `bind' bsd-rresvport.c: In function `rresvport_af': bsd-rresvport.c:64: warning: implicit declaration of function `bzero' bsd-rresvport.c:82: warning: implicit

http://bugzilla.mindrot.org/show_bug.cgi?id=968 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #760| |ok? Flag| | ------- Additional Comments From djm at mindrot.org 2005-02-16 11:24 -------

I have a need to have the same OpenSSH binaries run on multiple machines which are administered by different people. That means on Solaris, for example, there will be some with /dev/random, some on which I can run prngd because they'll be installing my binaries as root, and some which will have neither because they will be only installed as non-root. Below is a patch to enable choosing all 3

http://bugzilla.mindrot.org/show_bug.cgi?id=208 Summary: SCO build/runtime fixes Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org ReportedBy: gert at

The following patch against openssh-SNAP-20000823 allows to override the compile-time "ssh_prng_cmds" file at run time by adding new options to the server and client configurations. (We move binaries around a bit, and this was the only absolute path that couldn't be fixed at run-time). Regards Jan diff -ur openssh-SNAP-20000823.orig/entropy.c openssh-SNAP-20000823.new/entropy.c

https://bugzilla.mindrot.org/show_bug.cgi?id=1249 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au --- Comment #4 from Darren Tucker <dtucker at zip.com.au> 2008-06-15 05:27:49

Ye ol' sidHistory edit attack in new disguise using samba4. I don't think you can consider it to be a hack but I had a lot of fun playing about with ldbedit. Samba4 is wikked, it really opens up AD, I had a lot of fun setting it up. Check my blogg for my little sidHistory priv escalation tutorial (domain admin to enterprise admin).

http://bugzilla.mindrot.org/show_bug.cgi?id=1249 Summary: pam_open_session called with dropped privs Product: Portable OpenSSH Version: 4.4p1 Platform: PPC OS/Version: AIX Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: dleonard at

Running samba-3.0.23c on Genoo linux Is it possible with smbusers to allow a windows user to have root privleges on a linux share? A stock install of samba on Gentoo ends up with an /etc/samba/smbusers file that contains this mapping: root = administrator admin It appears then that other windows users could as well be mapped to root like: root = administrator admin harry and since I am the

Hello, According to http://bugs.opensolaris.org/bugdatabase/view_bug.do?bug_id=4970596 and other notes I read it appears that the ability to run dtrace programs (by having dtrace_proc and dtrace_user privileges configured inside NGZ''s) has been made available (through various projects) since build 37 of Nevada. I am not merely referring to configurable privileges alone, but to

Hi, I'd like to (re-)request permission to edit wiki.centos.org. My username is ThomasDoczkal. I noticed that Cloud/Manage/Ansible is outdated and would like to update it where links to external pages are still available. From there I'd like to update Cloud/* Documentation/* TipsAndTricks/* HowTos/* Best Regards, Thomas

Hello, When I attempt to join the domain using YaST (openSUSE's system configuration tool) or 'net join DOMAIN,' it prompts me for a network admin's username/password. The IT network admin already manually joined the machine to the network's AD domain (server-side), but Samba still needs a username/password. The workstations are batch-installs and are unattended, so we need a

Greetings, We recently moved our Samba PDC from one linux-based samba server to another. I copied samba's settings (rsync'd /etc/samba/*) exactly, and the new PDC has the same IP address, host name and overall config. (same version of samba, same kernel, etc) Since moving the PDC, Windows XP workstations no longer recognize the smb.conf defined "admin users" as domain

Hey All, After RTM, web page and searching the archives, I felt it worth a shot at mailing the list with my query. I am looking at using rsync and various third party GUI's (rsyncX, nasbackup) to backup our departmental desktops to our nice new multi-terabyte fileserver. When we run rsync in daemon mode, it of course runs as nobody:nogroup and I am aware of being able to set that to any