similar to: [Bug 259] UsePrivilegeSeparation crashed sshd under Linux 2.2

The following is just a simple 'if ANON|SHARE is broken, disable compression'. We don't have time for fancy stuff until we have time for long term testing. I have one friend of mine testing this. Can I get a few other people to test. This is against --current, but maybe work against 3.3p1. Unsure. BTW.. those on NeXT platform (if you have autoreconf) should also test this. this

Simon Cooper already mailed in a patch to get the effects of MAP_ANON on IRIX systems, but it was against openssh/3.3p1. I've reapplied his patach to openssh/3.4p1 and include it as an attachment. Here's his explanation: > I noticed that the recent release requires the existence of MAP_ANON to get > an anonymous memory region. In Irix the equivalent functionality can be >

here's a patch to 3.3p1 for Solaris 2.6 - it does not handle mmap() with fd = -1. does it look okay? itojun --- work.i386/openssh-3.3p1/servconf.c- Tue Jun 25 23:43:22 2002 +++ work.i386/openssh-3.3p1/servconf.c Tue Jun 25 23:43:33 2002 @@ -257,7 +257,7 @@ if (use_privsep == -1) use_privsep = 1; -#if !defined(HAVE_MMAP) || !defined(MAP_ANON) +#if !defined(HAVE_MMAP) if

I had to modify the file monitor_mm.c to get the privledge separation to work for Linux 2.0.36 (and above) and am passing on the patch to you; if there is a better place to send this, please let me know. I've included a new #define (USE_MMAP_DEV_ZERO) to select this patch, but am not including the patch to config.h---if there's a better name for it, please, by all means, change it.

I've been trying to cut down the size of openssh so I can run it on my Nokia 770. One thing which helps a fair amount (and will help even more when I get '-ffunction-sections -fdata-sections --gc-sections' working) is to have the option of compiling out privilege separation... Is it worth me tidying this up and trying to make it apply properly to the OpenBSD version? Does the openbsd

Hello! Please consider including the attached patch in the next release. It allows one to drop privilege separation code while building openssh by using '--disable-privsep' switch of configure script. If one doesn't use privilege separation at all, why don't simply allow him to drop privilege separation support completely? -- Sincerely Your, Dan. -------------- next part

Hi, I'm unable to get Kerberos4 authentication working with openssh-3.4p1. I'm getting a message that privsep is not available on my platform (Irix 6.5.15) and another message stating that compression and privsep are mutually exclusive. But, ssh decided to turn off compression, I think because of servconf.c. I think it would be more usefull to have compression enabled and disable privsep

Linux 2.2 (and probably others) have a deficient mmap which has caused a number of problems (e.g. bug #285). A workaround is in development, but it would be helpful to have a configure test to detect the bad mmaps(). Any takers? -d

Here I would like to suggest a replacement for MAP_ANON on systems which do not have it, such as Solaris < 8. In "man mmap" of Solaris 8: When MAP_ANON is set in flags, and fd is set to -1, mmap() provides a direct path to return anonymous pages to the caller. This operation is equivalent to passing mmap() an open file descriptor on /dev/zero with

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

This patch adds a new option to sshd, chroot_users. It has the effect of chroot()ing incoming ssh users to their home directory. Note: this option does not work if UsePrivilegeSeparation is enabled. Patch is based on OpenSSH 3.4p1. *** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002 --- servconf.h Wed Oct 2 06:17:48 2002 *************** *** 131,136 **** --- 131,137 ---- char

https://bugzilla.mindrot.org/show_bug.cgi?id=1945 Bug #: 1945 Summary: Only 1 of the 2 krb cache files is removed on closing the ssh connection with UsePrivilegeSeparation=yes Classification: Unclassified Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: HP-UX Status: NEW

http://bugzilla.mindrot.org/show_bug.cgi?id=259 Summary: UsePrivilegeSeparation crashed sshd under Linux 2.2 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

I just upgraded to OpenSSH3.2.3p1 as it seemed that UsePrivilegeSeparation yes might help with my problem (connections forwarded are owned by root instead of the user I logged in as on the server), but instead, sshd barfs on receiving a connection. Without UsePrivilegeSeparation the server works fine. # strace -o /tmp/sshd.str sshd -d debug1: sshd version OpenSSH_3.2.3p1 debug1: private host

I append a patch against openssh-3.5p1.tar.gz which adds a config option PAMServiceName. The option allows one to specify the PAM service at runtime in the config file rather than using __progname or having it hardwired to SSHD_PAM_SERVICE at compile time. I expect this to be useful if one wants to run multiple instances of sshd using different PAM configurations. With this patch

I just upgraded to OpenSSH 3.4p1 from 2.5.2p2 to take advantage of privilege separation. After installation, when a user tries to login he gets dropped almost immediately. In the server's /var/log/messages: Jun 26 20:15:04 sclp3 sshd[6433]: Accepted password for jason from 128.165.148.66 port 41871 ssh2 Jun 26 20:15:12 sclp3 jason[110]: sshd[6444]: fatal: xrealloc: out of memory (new_size

This patch allows the OpenSSH client to make connections over SCTP, and allows the OpenSSH server to listen for connections over SCTP. SCTP is a robust transport-layer protocol which supports, amongst other things, the changing of endpoint IPs without breaking the connection. To connect via SCTP, pass -H or set "ConnectViaSCTP yes". To listen via SCTP as well as TCP, set

http://bugzilla.mindrot.org/show_bug.cgi?id=285 ------- Additional Comments From dtucker at zip.com.au 2002-06-23 20:31 ------- Disabling PrivSep (add "UsePrivilegeSeparation no" to sshd_config) should get it working on 2.2 kernels. 3.3p1 defaults PrivSep to on. Previous releases (that supported it) defaulted to off. ------- You are receiving this mail because: ------- You

http://bugzilla.mindrot.org/show_bug.cgi?id=802 Summary: sshd of openssh-3.8p1 doesn't link on Tru64. Product: Portable OpenSSH Version: 3.8p1 Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org

On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User