similar to: question about temporarily_use_uid()

Ok, for those running NeXT and other platforms with broken/missing _POSIX_SAVED_ID please try this patch, and anyone that has spent any amount of time dealing with this problem. I believe it's right. BTW, this patch is no where near as big as it looks. The patch was done against an earily version of the tree which had an issue with white space. - Ben --- ../openssh/uidswap.c Sun Apr 22

Linux has just raised the NGROUPS_MAX limit from 32 to 64k. In doing an audit of various tools, openssh turned up as having incorrect groups handling. Almost no user-space apps really care about NGROUPS_MAX. A proposed patch (untested, since the CVS build won't compile on my RH box.. :-/) : What think? Index: uidswap.c ===================================================================

Currently openssh (3.4p1) relies on the NGROUPS_MAX define. This makes the number of allowed simultaneous (per-user) secondary groups a compile-time decision. $ find . -name \*.c | xargs grep NGROUPS_MAX ./groupaccess.c:static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ ./groupaccess.c: gid_t groups_bygid[NGROUPS_MAX + 1]; ./uidswap.c:static gid_t

http://bugzilla.mindrot.org/show_bug.cgi?id=787 Summary: Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd) Product: Portable OpenSSH Version: 3.7.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

Hi, the below patch drops another test for uid 0 on Cygwin. It's embarassing that I never found it. Actually temporarily_use_uid never worked on Cygwin due to that. So far that had no influence, but now that we have activated another feature which makes Cygwin more POSIX-like, somebody on the Cygwin list found that agent forwarding didn't work anymore. The reason is that due to the

Fixes a potential (but probably rather unlikely) use after free bug in function temporarily_use_uid(), file uidswap.c. --- a/uidswap.c +++ b/uidswap.c @@ -113,8 +113,9 @@ temporarily_use_uid(struct passwd *pw) } } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) -

Hello, I was trying to build a chrooted sftp account when I faced a problem. The chroot is done with the patch present in the contrib subdirectory in the portable version (I'm under linux slackware current). My problem is that verifying access rights on directories and files are too tight and then I couldn't have the following things : The user sftp, with primary group sftp, is chrooted

http://bugzilla.mindrot.org/show_bug.cgi?id=136 Summary: setgid() deemed to fail for non-suid ssh client on linux if using other than primary group Product: Portable OpenSSH Version: 3.0.2p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no wider than int. GCC complains about this assumption on 32-bit Solaris 8 sparc, where these types are 'long', not 'int'. This isn't an actual problem at runtime on this host, as long and int are the same width, but it is a problem on other hosts where pid_t is wider than int. E.g., I've heard that 64-bit

There is an error when installing ssh as a non root user on SGI IRIX 6.5.5m. See the error below when negotiating connection: ---BEGIN ERROR LISTING--- ssh -c blowfish -P -v -p 3400 -X -i /usr/people/bozo/.ssh/identity -l bozo 1.2.3.4 SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f). debug: Reading configuration data /free/bozo/sgi/etc/ssh_config debug:

http://bugzilla.mindrot.org/show_bug.cgi?id=374 Summary: uidswap.c doesn't compile on SCO 3.2v4.2 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

I like to compile ssh-3.0.2 on Solaris 2.7 with 64 Bit support in static mode. But I get a fatal error. The compilation with shared libraries is working very fine. Does anyone has ideas to compile OpenSSH cleanly in static mode? gcc -static -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/include -DETCDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM =\"/usr/ssh/bin/ssh\"

Don't feel stupid. I'd guess you're using 2.4 kernel and not the 2.2 kernel? In 2.2 services default to using inet.d In 2.4 services default to using xinetd to start stuff. You need to go to /etc/xinet.d and make sure the file swat has a "disable=no" in it. As a matter of fact, for security purposes, I'd do a vi * in that directory (/etc/xinet.d ) and make sure

Thanks. In my rc.icecast script, I put a >/tmp/icecast.out and a 2>/tmp/icecast.err to try and follow your advice. When I turned it on, I got alot of "You can run, but you can't hide" lines over and over in the icecast.out file. I tracked it down in the code and found src/admin.c was printing the message. The function handle_admin function has a while loop that prints the

Currently samba (2.0.6) relies on the NGROUPS_MAX define. This makes the number of allowed simultaneous (per-user) secondary groups a compile-time decision. $ find . -name \*.c | xargs grep NGROUPS ./source/lib/system.c: if (setlen > NGROUPS_MAX) { ./source/lib/replace.c: gid_t grouplst[NGROUPS_MAX]; ./source/lib/replace.c: while (i < NGROUPS_MAX &&

Hello, Samba 2.2.2 is Installed on Solaris ...which is acting as a PDC. I am able to add WinNT m/c to the samba PDC. How to add Win2K PC to Samba PDC? Please Reply.. Regards & Thanx, Sharada __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com

Awesome, I'm psyched for 1.0.3.... the ID3v1 winamp2 support will be a neat addition, as is the faster decodes. Will 24-bit audio play nice with the final public version of 1.0.3? MW On Tue, 11 Jun 2002, Josh Coalson wrote: > One more thing... you will probably have to > > chmod +x flac-1.0.3_beta/test/test_streams.sh > > before doing the 'make check'. > >

Hi All I am new to ssh. Somebody please tell me know how telnet is connected to SSH Thanks Barel __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com

Which plugins do you mean? I thought I remember Winamp, for instance, being able to do word-length reduction on the fly. The only place I can find this feature is in the Monkey's Audio codec plugin, though. Anyway, great news Josh! Thanks for making 24-bit audio support in FLAC a priority. :) MW On Tue, 11 Jun 2002, Josh Coalson wrote: > --- Mike Wren <mikew@etree.org>

Hi, I'm a developer of a static analysis tool canalyze. Recently I applied it to Openssh-6.2p1. It seems some reports are real after by manually checking: 1. Use undefined value file: dispatch.c function: dispatch_run At line 93: type = packet_read_poll_seqnr(&seqnr); seqnr may not be override at file: packet.c function: packet_read_poll_seqnr line 1442 where compat20 is 0. 2. Null