Displaying 20 results from an estimated 4000 matches similar to: "README.privsep"
2008 Jan 25
2
Availability of OpenSSH on SCO Unixware 7.1.2
I have been asked to investigate the use of OpenSSH on some of our
systems.
These systems are running SCO OpenUnix ( Unixware 7.1.2).
Are you aware of any issues that may prevent me from using OpenSSH on
this version of SCO?
Thank you
Andrew Harasymiw
Senior Technical Analyst
Shoppers Drug Mart
Office: (416) 493-1220 Ext: 5225
Cell: (416) 553-4616
Email: aharasymiw at
2002 Nov 01
3
[Bug 423] Workaround for pw change in privsep mode (3.5.p1)
http://bugzilla.mindrot.org/show_bug.cgi?id=423
------- Additional Comments From michael_steffens at hp.com 2002-11-02 02:40 -------
Created an attachment (id=162)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=162&action=view)
Patch: Workaround for pw change in privsep mode (3.5.p1)
------- You are receiving this mail because: -------
You are the assignee for the bug, or are
2002 Mar 27
3
[Bug 192] monitor.c:545: undefined reference to `auth_password with USE_PAM on
http://bugzilla.mindrot.org/show_bug.cgi?id=192
------- Additional Comments From mouring at eviladmin.org 2002-03-28 04:04 -------
If I understand the PAM code (none of the PRIVSEP code has been made to work
with it right now) one should never call auth_password() they should
be calling auth_pam_password()..
So in mm_answer_authpassword() function it should look something like this
2002 Jul 18
2
[Bug 312] canhost.h needs to be included
http://bugzilla.mindrot.org/show_bug.cgi?id=312
------- Additional Comments From stevesk at pobox.com 2002-07-18 14:07 -------
why is it required?
i don't see any canohost.h functions in those files.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2002 Apr 07
5
[Bug 205] PrivSep needs to be a compile-time option
http://bugzilla.mindrot.org/show_bug.cgi?id=205
------- Additional Comments From mouring at eviladmin.org 2002-04-07 10:28 -------
Created an attachment (id=64)
This patch (does not include configure.ac patch) should allow non-mmap platforms to compile, but will not allow them to use privsep period. One has to do more R&D to figure out where to disable compression on sshd since
2002 Mar 20
1
privsep
i think our strategy for privsep is to just keep portable sync'd closely
with openbsd's tree, even though things will be broken wrt privsep for
many platforms. then we just get primary ones working and work out
issues as we go along. i'll start to work on sun and hp-ux again
tomorrow.
2003 Apr 01
0
openssh-3.6.1p1/README.privsep: typo
README.privsep:
---------------
Privilege separation, or privsep, is method in OpenSSH by which
^^^^
operations that require root privilege are performed by a separate
privileged monitor process. Its purpose is to prevent privilege
s/is method/is a method/
2002 Jun 15
4
[Bug 276] openssh-3.2.3p1 does not compile on IRIX - SCM_RIGHTS undefined
http://bugzilla.mindrot.org/show_bug.cgi?id=276
------- Additional Comments From stevesk at pobox.com 2002-06-15 14:26 -------
this is what i asked in a message a while back; can an IRIX
expert help here?
"should we be using a UNIX95 (or whatever) namespace for IRIX?
what happens with D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
------- You are receiving this
2002 Jul 02
1
[Bug 329] New: gmake install prefix=... does not work with the privsep-path
http://bugzilla.mindrot.org/show_bug.cgi?id=329
Summary: gmake install prefix=... does not work with the
privsep-path
Product: Portable OpenSSH
Version: -current
Platform: MIPS
OS/Version: IRIX
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo:
2004 May 18
2
pam_setcred fails for "USE_POSIX_THREADS + non-root users + PrivSep yes"
Hello,
We use USE_POSIX_THREADS in our HP-UX build of OpenSSH. When we connect a
non-root user with PAM [pam-kerberos] then I get the following error.
debug3: PAM: opening session
debug1: PAM: reinitializing credentials
PAM: pam_setcred(): Failure setting user credentials
This is particularly for non-root users with PrivSep YES. When I connect to
a root user with PrivSep YES or to a non-root
2003 Jan 29
1
Privsep question: can the slave's child make monitor calls?
Hi all.
I have a question regarding privsep. Firstly, the following is my
understanding of what happens when privsep is enabled:
The sshd daemon is running as root listening on 22(a). When a connection
is accepted, a child is forked to handle the connection, this child
becomes the monitor(b). The monitor forks the pre-auth privsep
slave(c), which sheds its privs and hides in its chroot jail.
2002 Sep 04
2
uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)
What do we lose by not having post-auth privsep?
What code is executed between authorization and actual setting of the
effective uid?
On Tue, 3 Sep 2002, Chris Adams wrote:
> Once upon a time, Toni L. Harbaugh-Blackford <harbaugh at nciaxp.ncifcrf.gov> said:
> > It appears that the integration of the sia session setup will either
> > have to be rethought or abandoned
2002 Jun 25
2
Patch for OpenSSH/mmap() on Linux 2.2
A colleague was having trouble running OpenSSH 3.3p on his server.
He, like many of us, has been clobbered by the mighty security penis
of Theo De Raadt into enabling "privsep".
But on some Linux 2.2 kernels, this is broken. Apparently, OpenSSH "portable"
relies on non-POSIX compliant mmap() features.
Making the mmap() call in monitor_mm.c look something like this:
2002 Apr 02
3
PrivSep and portability
Hi,
I've seen a few patches related to the PrivSep works. As far as I can
see, it seems to work by using a shared memory segment to communicate.
I just want to point out that there are some unix systems that do not
have mmap() (SCO, older SVR3 systems) or that might have problems with
anonymous shared mmap() (don't have an examples, but e.g. the INN docs
are full of warnings concerning
2006 Jan 08
3
Allow --without-privsep build.
I've been trying to cut down the size of openssh so I can run it on my
Nokia 770. One thing which helps a fair amount (and will help even more
when I get '-ffunction-sections -fdata-sections --gc-sections' working)
is to have the option of compiling out privilege separation...
Is it worth me tidying this up and trying to make it apply properly to
the OpenBSD version? Does the openbsd
2024 Jun 03
3
[Bug 3697] New: session.c:709:3: error: call to undeclared function 'PRIVSEP';
https://bugzilla.mindrot.org/show_bug.cgi?id=3697
Bug ID: 3697
Summary: session.c:709:3: error: call to undeclared function
'PRIVSEP';
Product: Portable OpenSSH
Version: 9.7p1
Hardware: ARM64
OS: Mac OS X
Status: NEW
Severity: normal
Priority: P5
Component:
2002 Jul 15
10
Patch: Solaris packages don't create privsep user or group
Hi.
Solaris packages created by buildpkg.sh don't create privsep user or
group and sshd won't start until they are created (or privsep is
disabled):
## Executing postinstall script.
starting /usr/local/sbin/sshd... Privilege separation user sshd does not
exist
/etc/init.d/opensshd: Error 255 starting /usr/local/sbin/sshd...
bailing.
The attached patch (against -cvs) ports the relevant
2002 Sep 16
2
privsep versus compression
Hi,
I'm unable to get Kerberos4 authentication working with openssh-3.4p1.
I'm getting a message that privsep is not available on my platform (Irix
6.5.15) and another message stating that compression and privsep are
mutually exclusive. But, ssh decided to turn off compression, I think
because of servconf.c. I think it would be more useful to have
compression enabled and disable privsep
2002 Jun 27
1
No TTY prealloc; Tru64 can't do post-auth privsep
Well, after digging around and thinking some more, I'm giving up on the
idea of preallocating a TTY to get post-auth privsep working on Tru64.
I don't think it will work, because just allocating a TTY doesn't fix
the problem - there's no valid way to tie that TTY back to the client
process (because it hasn't requested a TTY yet and may not ever do so).
The problem is that the
2002 Jun 25
2
Linux 2.2 + borken mmap() round 1
The following is just a simple 'if ANON|SHARE is broken, disable
compression'. We don't have time for fancy stuff until we have time for
long term testing.
I have one friend of mine testing this. Can I get a few other people to
test. This is against --current, but maybe work against 3.3p1. Unsure.
BTW.. those on NeXT platform (if you have autoreconf) should also test
this. this