similar to: Linux 2.2 + borken mmap() round 1

I had to modify the file monitor_mm.c to get the privledge separation to work for Linux 2.0.36 (and above) and am passing on the patch to you; if there is a better place to send this, please let me know. I've included a new #define (USE_MMAP_DEV_ZERO) to select this patch, but am not including the patch to config.h---if there's a better name for it, please, by all means, change it.

Simon Cooper already mailed in a patch to get the effects of MAP_ANON on IRIX systems, but it was against openssh/3.3p1. I've reapplied his patach to openssh/3.4p1 and include it as an attachment. Here's his explanation: > I noticed that the recent release requires the existence of MAP_ANON to get > an anonymous memory region. In Irix the equivalent functionality can be >

here's a patch to 3.3p1 for Solaris 2.6 - it does not handle mmap() with fd = -1. does it look okay? itojun --- work.i386/openssh-3.3p1/servconf.c- Tue Jun 25 23:43:22 2002 +++ work.i386/openssh-3.3p1/servconf.c Tue Jun 25 23:43:33 2002 @@ -257,7 +257,7 @@ if (use_privsep == -1) use_privsep = 1; -#if !defined(HAVE_MMAP) || !defined(MAP_ANON) +#if !defined(HAVE_MMAP) if

Linux 2.2 (and probably others) have a deficient mmap which has caused a number of problems (e.g. bug #285). A workaround is in development, but it would be helpful to have a configure test to detect the bad mmaps(). Any takers? -d

http://bugzilla.mindrot.org/show_bug.cgi?id=259 ------- Additional Comments From Al.Smith at gold.net 2002-06-25 18:09 ------- Linux 2.2 defines MAP_ANON in <bits/mman.h>, however it can seen in /usr/src/linux/mm/mmap.c (lines 200 onwards) that if MAP_ANON is used then the system call will return -EINVAL. The following is a quick hack to get openssh to compile on linux 2.2: diff -ur

Here I would like to suggest a replacement for MAP_ANON on systems which do not have it, such as Solaris < 8. In "man mmap" of Solaris 8: When MAP_ANON is set in flags, and fd is set to -1, mmap() provides a direct path to return anonymous pages to the caller. This operation is equivalent to passing mmap() an open file descriptor on /dev/zero with

I just upgraded to OpenSSH3.2.3p1 as it seemed that UsePrivilegeSeparation yes might help with my problem (connections forwarded are owned by root instead of the user I logged in as on the server), but instead, sshd barfs on receiving a connection. Without UsePrivilegeSeparation the server works fine. # strace -o /tmp/sshd.str sshd -d debug1: sshd version OpenSSH_3.2.3p1 debug1: private host

Discovered this post an upgrade to 2.9.9p2, Solaris 2.5.1 dirname is busted for paths like "/usr", returning "" rather than "/". Index: acconfig.h =================================================================== RCS file: /cvsroot/upstream/openssh/acconfig.h,v retrieving revision 1.1.1.3 diff -u -r1.1.1.3 acconfig.h --- acconfig.h 2001/10/23 15:18:33 1.1.1.3 +++

The next OpenSSH release is close, too. If you want OpenSSH 3.2 to be the best version of OpenSSH, then please test the snapshots. If you like to see new features in future OpenSSH releases, then test the snapshots. If you are running OpenBSD then please test the OpenBSD snapshots. If you are running the portable OpenSSH release then please test the nightly snapshots from

Hello! Please consider including the attached patch in the next release. It allows one to drop privilege separation code while building openssh by using '--disable-privsep' switch of configure script. If one doesn't use privilege separation at all, why don't simply allow him to drop privilege separation support completely? -- Sincerely Your, Dan. -------------- next part

I've been trying to cut down the size of openssh so I can run it on my Nokia 770. One thing which helps a fair amount (and will help even more when I get '-ffunction-sections -fdata-sections --gc-sections' working) is to have the option of compiling out privilege separation... Is it worth me tidying this up and trying to make it apply properly to the OpenBSD version? Does the openbsd

The latest snapshot (20020324) fails to compile here. Linux 2.4.18-rc1 Alpha The first messages are: monitor_wrap.c: In function `mm_request_receive': monitor_wrap.c:91: warning: int format, different type arg (arg 3) monitor_wrap.c:100: warning: int format, different type arg (arg 3) which have to do with fatal() calls and int not being the same as ssize_t... But the next one is the

A colleague was having trouble running OpenSSH 3.3p on his server. He, like many of us, has been clobbered by the mighty security penis of Theo De Raadt into enabling "privsep". But on some Linux 2.2 kernels, this is broken. Apparantly, OpenSSH "portable" relies on non-POSIX compliant mmap() features. Making the mmap() call in monitor_mm.c look something like this:

http://bugzilla.mindrot.org/show_bug.cgi?id=205 ------- Additional Comments From mouring at eviladmin.org 2002-04-07 10:28 ------- Created an attachment (id=64) This patch (does not include configure.ac patch) should allow non-mmap platforms to compile, but will not allow them to use privsep period. One has to do more R&D to figure out where to disable compression on sshd since

Ok.. I'm starting official testing calls early this release. I'd like to have more feedback and more time for handling fixes. If people could test snapshots (http://www.openssh.org/portable.html, pick your favorate mirror and select snapshots directory) and report failures it would be useful. For those with pmake install there is regress/ which you can try out. It may help any platform

Hi Interix does not know MAP_ANON or -NOCORE only MAP_SHARED, -PRIVATE and -FIXED. Henrik _________________________________________________________________ F� alle de nye og sjove ikoner med MSN Messenger http://messenger.msn.dk/ -------------- next part -------------- A non-text attachment was scrubbed... Name: Memory.cpp.zip Type: application/x-zip-compressed Size: 495 bytes Desc: not

Hi, This is included in the release now; any feedback? Privilege separation, or privsep, is method in OpenSSH by which operations that require root privilege are performed by a separate privileged monitor process. Its purpose is to prevent privilege escalation by containing corruption to an unprivileged process. More information is available at:

Hello I decided to test password migration (on Solaris 8 box with SUNWspro C) and built samba with pam_smbpass module : CC=cc ./configure --prefix=/opt/local/samba --with-acl-support --with-pam --with-pam_smbpass Then installed bin/pam_smbpass.so in /usr/lib/security : # ls -al /usr/lib/security/pam_smbpass.so -rwxr-xr-x 1 root sys 2091380 Oct 23 11:01

I configure as follows: ./configure --with-zlib=/usr/local/include cc -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o monitor_mm.o

hello, little problem compiling openssh 4.6p1 on irix using mipspro 7.4.x. c99 -o sshd sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o sshpty.o sshlogin.o servconf.o serverloop.o auth.o auth1.o auth2.o auth-options.o session.o auth-chall.o auth2-chall.o groupaccess.o auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o auth2-none.o auth2-passwd.o auth2-pubkey.o