similar to: [Bug 354] sshd with privsep doesn't do pam session setup properly

http://bugzilla.mindrot.org/show_bug.cgi?id=354 Summary: sshd with privsep doesn't do pam session setup properly Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=301 Summary: In openssh 3.3 and 3.4 pam session seems be called from non-root Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: critical Priority: P3 Component: sshd AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=2263 Bug ID: 2263 Summary: sshd privsep monitor process doesn't handle SIGXFSZ signal Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: sshd

Hi, This patch (relative to -HEAD) defines an API to allow sandboxing of the pre-auth privsep child and a couple of sandbox implementations. The idea here is to heavily restrict what the network-face pre-auth process can do. This was the original intent behind dropping to a dedicated uid and chrooting to an empty directory, but even this still allows a compromised slave process to make new

Hi. If sshd is configured to use PAM and UsePrivilegeSeparation=no or you are logging is as root, any messages returned by PAM session modules are not displayed to the user. (Even when the config file has privsep=yes, logging in as root disables privsep anyway since there's no point, so it behaves the same way as privsep=no). I think I've figured out why: when privsep=no,

Hy all.. i've just subscribed to the list thow i've been using wine for a while now. I 've emeregd (I have Gentoo) the latest wine and , Here-s what i get: mihaiv bin # wine /usr/local/bin/wine-kthread: could not open mihaiv bin # /usr/local/bin/wine-kthread Wine 20041019 Usage: wine PROGRAM [ARGUMENTS...] Run the specified program wine --help Display this help and exit wine

I'm using Dovecot 1.1.7 on CentOS 5.2. I've changed my passdb from passwd to pam, it works fine, but I've found this messages on /var/log/secure: dovecot-auth: PAM adding faulty module: /lib64/security/pam_limits.so dovecot-auth: PAM unable to dlopen(/lib64/security/pam_limits.so) dovecot-auth: PAM [error: /lib64/security/pam_limits.so: failed to map segment from shared object:

I was looking through the RSA fingerprinting code from a few releases back, with an eye to being able to close <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=111598>. While it works fine with SSH2, the fingerprint log message goes missing with SSH1. I eventually realized that this is because auth_rsa() is called in the unprivileged child, and so can't write syslog messages. Am I

It was suggested to me that I forward this message to you. ---------- Forwarded Message ---------- Subject: privsep in ssh Date: Fri, 19 Sep 2003 12:22 From: Russell Coker <russell at coker.com.au> To: SE Linux <selinux at tycho.nsa.gov> Cc: Colin Watson <cjwatson at debian.org> #ifdef DISABLE_FD_PASSING if (1) { #else if (authctxt->pw->pw_uid == 0 ||

https://bugzilla.mindrot.org/show_bug.cgi?id=3723 Bug ID: 3723 Summary: sshd failed to close session when client specifies no remote command Product: Portable OpenSSH Version: 8.0p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: PAM

Hi, Does anybody know why openssh (openssh-2.9p1) on a linux system does not call pam_open_session if no pty is used? In this way the session modules (in /etc/pam.d) are not activated. This is especially annoying if you use pam_limits.so to set rlimits. Every user could circumvent them easily. I do not know if this issue has been discussed before and if this behavior is not alright ..... cu

On Tue, Jun 19, 2001 at 03:11:02AM +0200, Christian Kraemer wrote: > This is espacially anoying if you > use pam_limits.so to set rlimits. Every user could > cirrcumvent them easily by calling ssh in this way: > ssh user at server /bin/sh Interestingly, Debian 2.2's openssh (1:1.2.3-9.3) does enforce rlimits somehow, not sure if it was specifically patched to do this or perhaps

http://bugzilla.mindrot.org/show_bug.cgi?id=939 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED ------- Comment #2 from dtucker at zip.com.au 2006-10-07 11:37 ------- Change all RESOLVED bug to CLOSED with the exception

http://bugzilla.mindrot.org/show_bug.cgi?id=1002 Summary: sshd does not report failed PAM session modules to the client side Product: Portable OpenSSH Version: 4.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs

Hi, I've read through some of the posts and can't see an answer to my query so I'm throwing it here :) GOAL: To use Winbind to authenticate users against directory,for Console Login, GDM, SSH etc While this has been somewhat successful, there are a few errors that I would like to remove (if possible). Firstly : When I ssh with an AD user all appears to log in ok, except the ssh

http://bugzilla.mindrot.org/show_bug.cgi?id=301 ------- Additional Comments From ldv at altlinux.org 2002-06-27 03:09 ------- In your case, to make pam_limits work, use "ulimit -Sc 0" instead of "ulimit -c 0". ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=270 ------- Additional Comments From dtucker at zip.com.au 2002-06-09 19:59 ------- Created an attachment (id=111) sshd output on AIX w/PrivSep ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=270 Summary: PrivSep breaks sshd on AIX for non-root users Product: Portable OpenSSH Version: -current Platform: PPC OS/Version: AIX Status: NEW Severity: major Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

Hi, I'm rather new to this project, having stumbled across it earlier this afternoon, so forgive me if I'm still trying to find my way around. I was in the need of an alternative to NFS that would let me spread the task of sharing my downloaded source code files across a couple of boxes, and GlusterFS looked like a great candidate, having had no luck with Coda or OpenAFS. I also want

http://bugzilla.mindrot.org/show_bug.cgi?id=544 Summary: sshd w/privsep fails on Linux 2.0, mm_receive_fd: expected type 1 got 1074276337 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd