similar to: [Bug 301] New: In openssh 3.3 and 3.4 pam session seems be called from non-root

Hi! I wrote a small patch to enable /etc/limits support in openssh. nice thing when you don't have PAM installed.. It is based on Ultor's openssh 1.x patch (http://marc.theaimsgroup.com/?l=secure-shell&m=96427677022741&w=2) Works fine on slackware7.1. define USE_ETC_LIMITS in config.h , and compile as usual. Sagi -------------- next part -------------- diff -N -u

Hi all. I have an old windows VM with an oldish cygwin that I use for the regression tests. Investigating one of the test failures, I see that it's for UsePrivilegeSeparation=sandbox, and it seems to be because setrlimit(RLIMIT_FSIZE, ...) is not supported. IMO, this isn't a big loss, since the most useful thing in the rlimit "sandbox" is the descriptor limits. Can anyone see

After fuzzing 'qemu-img info' I found that certain files can cause the command to use lots of memory and time. Modify the command mini-library to allow us to place resource limits on subprocesses, and use these to limit the amount of space and time used by 'qemu-img info'. --- configure.ac | 3 +++ src/command.c | 53

Hi, I'm rather new to this project, having stumbled across it earlier this afternoon, so forgive me if I'm still trying to find my way around. I was in the need of an alternative to NFS that would let me spread the task of sharing my downloaded source code files across a couple of boxes, and GlusterFS looked like a great candidate, having had no luck with Coda or OpenAFS. I also want

Standard apology if old... This demonstrates a resource starvation attack on the setuid root passwd(1) program. In the case I tested it was the Red Hat Linux passwd-0.50-7 program without shadowing. #include <stdio.h> #include <sys/time.h> #include <stdlib.h> #include <unistd.h> #include <sys/resource.h> main () { struct rlimit rl, *rlp; rlp=&rl;

Hy all.. i've just subscribed to the list thow i've been using wine for a while now. I 've emeregd (I have Gentoo) the latest wine and , Here-s what i get: mihaiv bin # wine /usr/local/bin/wine-kthread: could not open mihaiv bin # /usr/local/bin/wine-kthread Wine 20041019 Usage: wine PROGRAM [ARGUMENTS...] Run the specified program wine --help Display this help and exit wine

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

Hey, I've just updated the FreeBSD dovecot port to the 0.99.4 beta release, the following patch was needed as FreeBSD has setrlimit(2) but does not define RLIMIT_AS (I believe). I switched the code the require both, alternatively find a parallel option in the FreeBSD setrlimit(2) manual page. ( http://www.freebsd.org/cgi/man.cgi?setrlimit ) You may be interested in integrating this patch.

Hi all! I have upgraded Dovecot 0.99.11 installation that's worked with LDAP to Dovecot 1.0-test52 and I can't get LDAP to work. I noticed the /etc/dovecot.conf is slightly different, so I have adjusted changes. If I use the standard auth (passw & pam) everything works fine, however when I user ldap for auth Dovecot starts but then dies: dovecot: Nov 26 14:14:36 Error: Auth process

Hi all, When setting auth mechanisms: plain login cram-md5 and only having pam passdb and passwd userdb. dovecot nevers starts and crashes reporting: Feb 29 10:19:41 pitux-clust-op1 dovecot: Dovecot v1.0.10 starting up Feb 29 10:19:41 pitux-clust-op1 dovecot: auth(default): CRAM-MD5 mechanism can't be supported with given passdbs Feb 29 10:19:41 pitux-clust-op1 dovecot: Auth process died

Hi I just tried to run the convert plugin as described at http://wiki.dovecot.org/Plugins/Convert (except with mail_location = maildir:~/Mail) It fails with an error message: Eopen(/.temp.falcon.endbracket.net.18618.8d5e0a038da6cf06) failed: Permission denied Error: imap dump-capability process returned 89 It looks like Dovecot execs /usr/libexec/dovecot/imap, which drops root privileges

Version 2.0.5a (same prob w/2.0.4b, though). smbsh segfaults after I enter my password. As root, it just seg faults. As my login user, it dumps core. Attached is a script of an strace of it. Running RH 6.0, kernel 2.2.10, AMD K6-2/350, 64M RAM. Configure options were: CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%{pref} --libdir=/etc \ --with-lockdir=/var/lock/samba

Hi, we're in the process of setting up large-page support on IBM regattas, but for large-page support the users have to have a set of extra capabilities (CAP_BYPASS_RAC_VMM,CAP_PROPAGATE). This are configured on a per user basis by listing which capability each user have in /etc/security/user. Unfortunately they don't get set when the users log in via OpenSSH (3.1p1). Does anybody know

This trivial patch enables LLVM to build on NetBSD. Neil. Index: Program.inc =================================================================== RCS file: /var/cvs/llvm/llvm/lib/System/Unix/Program.inc,v retrieving revision 1.24 diff -u -p -r1.24 Program.inc --- Program.inc 23 Apr 2007 07:22:51 -0000 1.24 +++ Program.inc 4 Jun 2007 13:05:22 -0000 @@ -125,11 +125,13 @@ static void SetMemoryLimits

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 When are you all going to make Samba compatible with CCC (Compaq Compiler)? I would really like to be able to compile it using CCC but I keep getting the errors listed below. I was wondering, could please point me in the right direction for a solution to this dilemma? ==================== ERROR MESSAGE ==================== Using FLAGS = -O -fast

Hi, with a low soft limit on file descriptors, dovecot 2.2.15 warns on startup: Warning: fd limit (ulimit -n) is lower than required under max. load (256 < 1000), because of default_client_limit It could try increasing the limit first, and only report the warning if that fails. I'm attaching a patch that does just this. Without the patch, the soft fd limit is kept at whatever it

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-99:04 Security Advisory FreeBSD, Inc. Topic: Coredumps and symbolic links Category: core Module: kernel Announced: 1999-09-15 Affects:

Hi. New (2.1.1p1) login code is nicer on AIX (4.2.1.0.06). Thanks. A couple of issues, though, which I haven't really dug into yet. I'm wondering if anyone else has seen them? If not, I'll investigate & report. 1. If I set "UseLogin" to "yes", everything seems fine except that the authentication agent forwarding doesn't work. The "SSH"

Hi all! I gave a shot at compiling core llvm with a Solaris 9 machine. The compiler is FSF gcc 3.4.6. I am building trunk in the release version. So far I did not run tests (no dejagnu installed). Here are my findings: 0) Configuring. I had to suppress the solaris tools by: env AR=/opt/gnu/bin/ar NM=/opt/gnu/bin/nm RANLIB=/opt/gnu/bin/ranlib STRIP=/opt/gnu/bin/strip ../llvm/configure

Package: src:xcp-vncterm Version: 0.1-2 Severity: important Tags: sid jessie User: debian-glibc at lists.debian.org Usertags: ftbfs-glibc-2.17 The package fails to build in a test rebuild on at least amd64 with eglibc-2.17, but succeeds to build with eglibc-2.13. The severity of this report may be raised before the jessie release. The test rebuild was done together with GCC-4.8, so some issues