similar to: [PATCH] improved chroot handling

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

> > ---------- Forwarded message ---------- > From: Frederic BOHE <fbohe-guest at alioth.debian.org> > To: nut-commits at lists.alioth.debian.org > Date: Wed, 16 Mar 2011 14:57:09 +0000 > Subject: svn commit r2940 - in > branches/windows_port/scripts/Windows/Installer: . ImageFiles > ImageFiles/Binary ImageFiles/Others ImageFiles/emptyDir >

Hi, This diff (for portable) makes the chrooted preauth privsep process log via the monitor using a shared socketpair. It removes the need for /dev/log inside /var/empty and makes mandatory sandboxing of the privsep child easier down the road (no more socket() syscall required). Please test. -d Index: log.c =================================================================== RCS file:

https://bugzilla.mindrot.org/show_bug.cgi?id=2167 Bug ID: 2167 Summary: Connection remains when fork() fails. Product: Portable OpenSSH Version: 5.3p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Need to understand exactly what the "--delete" flag does when rsync runs. Here is my understanding... If a file is created on the source machine on monday, then rsync'd to the rsync server on monday night, then deleted on the source machine tuesday, then it will be deleted from the rsync server on tuesday night when the cron job runs again. But, would rsync under any circumstances,

Normally I would use the --link-dest option to do this but I can't since I'm rsyncing from a Mac to a Samba share on a Linux box and hard links don't work. What I want to do is create a 10 day rotating incremental backup. I used the first script example on the rsync examples page as a template. The only thing I changed was the destination to be a local directory and paths for

Hi folks, What is the purpose of following statements? [ -d $HOME/emptydir ] || mkdir $HOME/emptydir rsync --delete -a $HOME/emptydir/ $BSERVER::$USER/$BACKUPDIR/ Expecting reply. Baskar

Hi, I am happy to (re)send a set of patches for compiling OpenSSH 4.7p1 with FIPS 140-2 OpenSSL. These are based on previously reported patches by Steve Marquess <marquess at ieee.org> and Ben Laurie <ben at algroup.co.uk>, for ver. OpenSSH 3.8. Note that these patches are NOT OFFICIAL, and MAY be used freely by anyone. Issues [partially] handled: SSL FIPS Self test. RC4,

Hello, The below patch fixes a memory leak I noticed in monitor_read_load() when the child's log pipe is closed. Thanks, Zev Weiss -- diff --git a/monitor.c b/monitor.c index a166fed..6464eec 100644 --- a/monitor.c +++ b/monitor.c @@ -510,6 +510,7 @@ monitor_read_log(struct monitor *pmonitor) debug("%s: child log fd closed", __func__); close(pmonitor->m_log_recvfd);

Hello, I'm new to this and am trying to modify the "backup to a central backup server with 7 day incremental" script from http://samba.anu.edu.au/rsync/examples.html to suit my situation. I have ended up with the script attached below and when running it from command line I get these errors: rsync error: syntax or usage error (code 1) at main.c(726) and a plethora of this >

Hello, we've run a coverity scan on the openssh sources and it found several issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources too. * servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;" --- a/servconf.c +++ b/servconf.c @@ -1451,12 +1451,8 @@

https://bugzilla.mindrot.org/show_bug.cgi?id=2140 Bug ID: 2140 Summary: Capsicum support for FreeBSD 10 (-current) Product: Portable OpenSSH Version: -current Hardware: All OS: FreeBSD Status: NEW Severity: enhancement Priority: P5 Component: sshd Assignee: unassigned-bugs at

Since snapshot rsync-HEAD-20090220-0710GMT.tar.gz make check is successful but sudo make check fails ------------------------------------------------------------ ----- overall results: 29 passed 3 failed 6 skipped ------------------------------------------------------------ failed FAIL batch-mode FAIL chmod-option FAIL daemon-gzip-upload

Hello All. Attached is an update to my previous patch to make do_pam_chauthtok and privsep play nicely together. First, a question: does anybody care about these or the password expiration patches? Anyway, the "PRIVSEP(do_pam_hauthtok())" has been moved to just after the pty has been allocated but before it's made the controlling tty. This allows the child running chauthtok to

I've a particular situation in which I need to sometimes delete one or two files from a remote site. I haven't figured out a way to do it with rsync yet... I've considered playing games with --exclude and --delete but I'm a bit nervous of the chances of mayhem by a simple error. Situation is a remote repository to which files are added on occasion; there is no local copy. On

From: Randy Dunlap <randy.dunlap at oracle.com> scripts/headers_install.pl prevents "__user" from being exported to userspace headers, so just use compiler.h to make sure that __user is defined and avoid the error. unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1) Signed-off-by: Randy Dunlap <randy.dunlap at

From: Randy Dunlap <randy.dunlap at oracle.com> scripts/headers_install.pl prevents "__user" from being exported to userspace headers, so just use compiler.h to make sure that __user is defined and avoid the error. unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1) Signed-off-by: Randy Dunlap <randy.dunlap at

From: Randy Dunlap <randy.dunlap at oracle.com> scripts/headers_install.pl prevents "__user" from being exported to userspace headers, so just use compiler.h to make sure that __user is defined and avoid the error. unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1) Signed-off-by: Randy Dunlap <randy.dunlap at

Hello, I am using rsync v2.5.6 to backup our entire server filesystem over the network to a central backup server. I have copied the example script from the rsync website (http://rsync.samba.org/examples.html) to create incremental backups, the --backup-dir seems to have a strange side-effect. Everything goes well, but on the server side where the backup is stored I can't seem to break out

Hi, I would like to compare a backup dir with a directory list in --compare-dest= but I don't know how to specify this list. If a have only one dir it's ok, but if I have 2 or more dir I have an error ? Here is my script: #!/bin/bash SSH_USER= SSH_HOST= TOBCK=/ EXCLUDES=/root/bckscript/ns200176/excludes LOG=/root/bckscript/ns200176/rsync_$(date +'%Y-%m-%d_%H.%M.S').log