similar to: [PATCH]: Workaround a security leak on Windows

This adds support for systemd socket-based activation in the ssh-agent. When using socket activation, the -a flag value must match the socket path provided by systemd, as a sanity check. Support for this feature is enabled by the --with-systemd configure flag. --- Something tells me upstream would not be interested in this patch, but as it may be useful on linux, I'm submitting it here.

Hi, I have a problem with the extern declarations of optarg, optind, etc. We're currently moving getopt from being a statically linked function to a dynamically linked function as part of the Cygwin DLL. On Windows, this requires to generate special symbols (__imp__optarg, etc.), which is done by marking the exported variables in the corresponding header. Instead of extern char *optarg;

The idea behind this change is to add support for different "ssh-agents" being able to run at the same time. It does not change the current behaviour of the ssh-agent (which will set SSH_AUTH_SOCK just for itself). Neither does it change the behaviour of SSH_AGENT_PID (which still supports only one pid). The new implementation will go through the list of sockets (which are separated by a

Attached is the patch for the Cygwin port of 2.2.0p1. As usual I didn't attach the patch to `configure' but only the patch to `configure.in'. BTW: I have attached a gzip'd version of the patch since it's size is > 20K and I thought that it might be too big. The gzip'd diff is < 8K. What are "Small attachments (such as diff files) within the bounds of common

I am enclosing a context diff of the changes that I made to get openssh working on UWIN. UWIN is a UNIX operating system layer that runs on Win32 systems. For more information on UWIN go to http://www.research.att.com/sw/tools/uwin/. I also ran configure using -with-cppflags=-D_BSDCOMP=2. I don't know where that information would go with the source code. Let me know if you need more

Hi, As the subject suggests, I am looking for the most robust way to call an (arbitrary) function from the R API from another but the main POSIX thread in a package's code. I know that, "[c]alling any of the R API from threaded code is ?for experts only? and strongly discouraged. Many functions in the R API modify internal R data structures and might corrupt these data structures if

Stepan, Andreas gave a lot more thought into what you question in your reply. His question was how you can avoid what you where proposing and have proper threading under safe conditions. Having dealt with this before, I think Andreas' write up is pretty much the most complete analysis I have seen. I'd wait for Luke to chime in as the ultimate authority if he gets to it. The

Hi. Here are the relevant details about the setup: SunOS 4.1.4 gcc 2.7.2.2 tcp wrappers 7.5 egd 0.6 (doesn't really come into play at compile time) The following only pertains to the compilation (and linking) stage. Code and patches are SunOS specific. -- The following functions are missing in SunOS: strerror, atexit, memmove. I wrote simple replacements in term of on_exit and bcopy

Hi, the following patch by Pierre A. Humblet <Pierre.Humblet at ieee.org> allows to use more than one uid on 9x/Me boxes which is currently blocked due to the behaviour of Cygwin's security code. After this patch is applied to sshd, we can safely change the affected code in Cygwin. Thanks, Corinna Index: session.c ===================================================================

Hi folks, (3rd time I am sending this message, none of the other appear to have made it through!) Using "OpenSSH_6.9p1 Ubuntu-2ubuntu0.1, OpenSSL 1.0.2d 9 Jul 2015" on the server, "OpenSSH_7.2p2, OpenSSL 1.0.2g 1 Mar 2016" on the client. I am trying to use sshtunnel with StreamLocal forwarding to enable me to connect back to the client's ssh port, without having to

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

This is based on openssh-2.0.0beta1. There are a few rough spots: 1) SunOS doesn't have ut_type in struct utmp so I just whacked in the old login() from openssh-1.2.3. 2) There is a SUNOS4 section added to defines.h -- this could probably be a bit cleaner. 3) sigaction on SunOS is implemented via #defines to sigvec, thus there is no SA_RESTART (this is the default behavior).

Hi, I've sent that patch once already but it seems more or less forgotten in the tumultuous days of the latest vulnerability. It adds a new define NO_IPPORT_RESERVED_CONCEPT which can be defined on platforms not supporting the concept of "privileged" ports only accessible by privileged users but which allow everyone to use these ports. This patch removes some Cygwin dependencies

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

Hi, attached is a patch which solves the following problem: Sometimes scp could hang in Cygwin when used as remote end using the -t option. This is due to a binmode/textmode problem which could be raised by the login shell which is used by the user and it's setting of textmode on stdin. The patch solves that problem by explicitly setting binmode on stdin. Besides solving the hanging

Hi, I have added calls to `check_ntsec()' to the code which checks for the ownership and modes of identity files and directories. As you might know, check_ntsec() tests if owner/modes are supported by the OS (9x/ME=no, NT/W2K=yes), the filesystem (FAT/FAT32=no, NTFS=yes) and the current Cygwin settings (ntea/ntsec). Corinna Index: auth-rhosts.c

Hi All. I tried building -current on Cygwin but got a couple of minor errors. The first is in auth-passwd.c where it appears Ben got a bit over-enthusiastic cleaning up :-). The patch restores the relevant "#ifdef HAVE_CYGWIN" fragment. The second is in the send-break code in session.c, which won't compile because Cygwin apparently doesn't have TIOCSBRK and TIOCCBRK ioctls.

Hi. This was added just before 3.4p1 for passing to aix_usrinfo and is now unused. -Daz. Index: session.c =================================================================== RCS file: /cvs/openssh/session.c,v retrieving revision 1.210 diff -u -r1.210 session.c --- session.c 4 Jul 2002 03:08:41 -0000 1.210 +++ session.c 15 Jul 2002 11:50:14 -0000 @@ -1159,8 +1159,6 @@ void

3.8p1 added the following to main() in sshd.c: #ifndef HAVE_CYGWIN /* Clear environment */ environ[0] = NULL; #endif This breaks the getenv("TZ") in session.c and causes logins to occur in GMT time. It also causes any sshd syslog messages to be written in GMT time. I'm on SCO Openserver 5.0.7, but this looks like it should affect all platforms. Am I missing something? I

Hi, The code definitely attempts to unlink any old listener beforehand (see misc.c:unix_listener()) so I don't understand why that isn't being called. You might try simulating your configuration using sshd's -T and -C to make sure the flag is correctly being set. Could chroot be interfering? Some platforms implement additional restrictions on devices and sockets inside chroot. -d