similar to: Specifying a fixed uid for RedHat RPM PrivSep user

Hello! Now that PrivSep stuff works for PAM too, I took the time to update contrib/redhat/openssh.spec to create the sshd user and set up the /var/empty dir when installing the packages. These have been done the Red Hat style, the uid/gif 74 is currently free in RHL. The only minor issues I could think of were: - I'm not sure if /var/empty should be owned by openssh-server package, but

What do we loose by not having post-auth privsep? What code is executed between authorization and actual setting of the effective uid? On Tue, 3 Sep 2002, Chris Adams wrote: > Once upon a time, Toni L. Harbaugh-Blackford <harbaugh at nciaxp.ncifcrf.gov> said: > > It appears that the integration of the sia session setup will either > > have to be rethought or abandoned

Hello, I updated the latest snapshot as RPM's to two of my systems. Basic stuff seems to be working ok. Privilege separation failed though, possibly because I didn't populate /var/empty with PAM entries. Privsep might be a bit raw in any case, at least for the portable. FWIW, I came across error message 'sshd: no user' and had to scratch my head a bit to figure out what it

Hi, This is included in the release now; any feedback? Privilege separation, or privsep, is method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege escalation by containing corruption to an unprivileged process. More information is available at:

Hi, I built rpm from openssh-2.5.1p1 srpm on redhat 6.2, then installed it. When trying to ssh from other machine, sshd gives error: ..... Feb 20 17:54:24 foo PAM_pwdb[925]: (login) session opened for user doe by LOGIN(uid=0) Feb 20 17:55:15 foo sshd[1342]: Connection closed by 192.168.0.3 Feb 20 17:55:43 foo sshd[1343]: PAM unable to dlopen(/lib/security/pam_stack.so) Feb 20 17:55:43 foo

Hi, I've seen a few patches related to the PrivSep works. As far as I can see, it seems to work by using a shared memory segment to communicate. I just want to point out that there are some unix systems that do not have mmap() (SCO, older SVR3 systems) or that might have problems with anonymous shared mmap() (don't have an examples, but e.g. the INN docs are full of warnings concerning

Hi Volker! This is what I wanted to avoid with my question. I reported my script with only three word just to make an example but my list is quite longer than this. Let's suppose a list of 30 or 40 words... 30 or 40 rules? Possible but very unconfortable to manage. A more compact version of the script could be this: -- the script begins ------------ require ["fileinto",

Hello, We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a non-root user with PAM [pam-kerberos] then I get the following error. debug3: PAM: opening session debug1: PAM: reinitializing credentials PAM: pam_setcred(): Failure setting user credentials This is particularly for non-root users with PrivSep YES. When I connect to a root user with PrivSep YES or to a non-root

http://bugzilla.mindrot.org/show_bug.cgi?id=329 Summary: gmake install prefix=... does not work with the privsep-path Product: Portable OpenSSH Version: -current Platform: MIPS OS/Version: IRIX Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo:

On Tue, 2003-06-17 at 09:45, Nick Stephens wrote: > Greetings! > > I have grabbed the latest samba3 cvs source, and successfully compiled it, > got it talking to my NT server, joined the domain, etc.. life is good. > But, now I have a question kinda related to functionality, i believe... > > A quick synopsis of my goal is as follows: > > i currently have a sendmail

Hi all. I have a question regarding privsep. Firstly, the following is my understanding of what happens when privsep is enabled: The sshd daemon is running as root listing on 22(a). When a connection is accepted, a child is forked to handle the connection, this child becomes the monitor(b). The monitor forks the pre-auth privsep slave(c), which sheds it privs and hides in its chroot jail.

Has anybody got privsep and compression working together on Solaris 2.6 and 2.5.1? I have no problem getting it working under Solaris 8, but on 2.5.1/2.6 it says: # ./sshd -p 6666 This platform does not support both privilege separation and compression Compression disabled -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Kevin Currie | |

http://bugzilla.mindrot.org/show_bug.cgi?id=270 ------- Additional Comments From dtucker at zip.com.au 2002-06-09 19:59 ------- Created an attachment (id=111) sshd output on AIX w/PrivSep ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

As I understand it, the idea behind privsep is to prevent malicious data from the client-side of a connection corrupting a server-side process running as root. To achieve that, it is important that post-auth privilege separation happen, ie, that the sshd process change uid to the (authenticated) user. But it is also true that this very same process can perform root-level work without risk of being

Hi, I'm unable to get Kerberos4 authentication working with openssh-3.4p1. I'm getting a message that privsep is not available on my platform (Irix 6.5.15) and another message stating that compression and privsep are mutually exclusive. But, ssh decided to turn off compression, I think because of servconf.c. I think it would be more usefull to have compression enabled and disable privsep

Hi Toni, I'm sorry, I haven't had much time to work on this today. When I run sshd (from the patched snapshot) in a debugger, with a breakpoint early in setup_sia(), this is what I find after connecting with a client: (1) There are two sshd processes. One is running as root, and the other as the user I logged with using the client. The root process is the one in the debugger,

Either this never made it to the list or no one cares about Tru64. This is the last time I'll send this patch to the list. If no one steps up and finishes it or provides me with enough information to fix any remaining bugs (one being complaint that 'ssh site cmd' does not work right). If there is no activity on this for a week. I'll post it to bugzilla and will ignore any

i think our strategy for privsep is to just keep portable sync'd closely with openbsd's tree, even though things will be broken wrt privsep for many platforms. then we just get primary one's working and work out issues as we go along. i'll start to work on sun and hp-ux again tomorrow.

Well, after digging around and thinking some more, I'm giving up on the idea of preallocating a TTY to get post-auth privsep working on Tru64. I don't think it will work, because just allocating a TTY doesn't fix the problem - there's no valid way to tie that TTY back to the client process (because it hasn't requested a TTY yet and may not ever do so). The problem is that the

http://bugzilla.mindrot.org/show_bug.cgi?id=324 ------- Additional Comments From jan.iven at cern.ch 2002-06-30 09:19 ------- Created an attachment (id=125) KRB4/KRB5/AFS with privsep ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.