similar to: Limit forwarding to specific ports

Hi, sorry if it is the wrong approuch to suggest improvments to OpenSSH, but here comes my suggestion: I recently stumbled upon the scponly shell which in it's chroot:ed form is an ideal solution when you want to share some files with people you trust more or less. The problem is, if you use the scponlyc as shell, port forwarding is still allowed. This can of course be dissallowed in

There are a couple of races in sftp-server as this patch shows: --- sftp-server.c 28 Jan 2003 18:06:53 -0000 1.1.1.2 +++ sftp-server.c 5 Feb 2003 19:19:42 -0000 @@ -832,19 +832,22 @@ process_rename(void) { u_int32_t id; - struct stat st; char *oldpath, *newpath; - int ret, status = SSH2_FX_FAILURE; + int status; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL);

I'm curious as to whether or not there is a way to restrict forwarded ports server side. For instance, I'm running an IRC server and am allowing users to connect via ssh forwarding (so I can take advantange of using openssh's public key method for authentication). Each client I tell to setup their ~/.ssh/config in a certain way, but the relevant line is: LocalForward 6667

Hi, surely I''m missing something... but what!? in my spec I''ve User.should_receive(:find).with("1").and_return(@user) and in my controller User.find(params[:id]) green light... correct... but if I change my controller using another method, for example first: User.first or even User.all I get green light too... I was expecting an error like expected: 1 time

Hi, we use attachment dedup with lots of emails (still migrating to it from maildir). We use netapp storage with wafl filesystem over nfs. Problem is that netapp has hard limit of 100k hardlinks to one file. And we encountered it. Problem is that dovecot start do segfault (lmtp,dsync,pop3 etc) when it happend when tried to deliver new emails with that attachment. Here is strace of dsync: 6740

could please anyone help me with this issue? http://stackoverflow.com/questions/13237954/object-not-found-in-production thanks, enrico -- · Enrico Stano · · twitter @enricostano · skype ocirneonats -- You received this message because you are subscribed to the Google Groups "Ruby on Rails: Talk" group. To post to this group, send email to

From: Randy Dunlap <randy.dunlap at oracle.com> scripts/headers_install.pl prevents "__user" from being exported to userspace headers, so just use compiler.h to make sure that __user is defined and avoid the error. unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1) Signed-off-by: Randy Dunlap <randy.dunlap at

From: Randy Dunlap <randy.dunlap at oracle.com> scripts/headers_install.pl prevents "__user" from being exported to userspace headers, so just use compiler.h to make sure that __user is defined and avoid the error. unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1) Signed-off-by: Randy Dunlap <randy.dunlap at

From: Randy Dunlap <randy.dunlap at oracle.com> scripts/headers_install.pl prevents "__user" from being exported to userspace headers, so just use compiler.h to make sure that __user is defined and avoid the error. unifdef: linux-next-20101112/xx64/usr/include/xen/privcmd.h.tmp: 79: Premature EOF (#if line 33 depth 1) Signed-off-by: Randy Dunlap <randy.dunlap at

There are a couple of niggles with the sandboxing of the unprivileged child in the privsep code: the empty directory causes namespace pollution, and it requires care to ensure that it is set up properly and remains set up properly. The patch below (against the portable OpenSSH, although the patch against the OpenBSD version is very similar) replaces the fixed empty directory with one that is

Greetings, cvsup.uk.FreeBSD.org is outdated. I know this is not the proper list, but which one is? -- Best Wishes, Stefan Lambrev ICQ# 24134177

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

On 3/9/2016 9:02 PM, Timo Sirainen <tss at iki.fi> wrote: > On 08 Mar 2016, at 01:50, Pavel Stano <stanojr at websupport.sk> wrote: >> >> sis attachment deduplication is broken in 2.2.16 upwards. >> It is caused by this commit. >> https://github.com/dovecot/core/commit/664bf3e236c214aee86294483c379e4fa66c2e63 >> >> in src/lib-fs/fs-sis.c function

Here's another patch for people providing ssh access to restricted environments. We allow our users to use port forwarding when logging into our mail servers so that they can use it to fetch mail over an encrypted channel using clients that don't support TLS, for example fetchmail. (In fact, fetchmail has built-in ssh support.) However we don't want them connecting to other places

The patch below implements a couple of features which are useful in an environment where users do not have a regular shell login. It allows you to selectively disable certain features on a system-wide level for users with a certain shell; it also allows you to control and audit TCP forwarding in more detail. Our system is an email server with a menu for the login shell; we selectively allow port

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, sis attachment deduplication is broken in 2.2.16 upwards. It is caused by this commit. https://github.com/dovecot/core/commit/664bf3e236c214aee86294483c379e4fa66c2e63 in src/lib-fs/fs-sis.c function fs_sis_try_link() is comparation of inodes of hash files. Because fs_stat() after that commit use fstat() on open fd of temporary file instead of

Hi All, I am having trouble removing all messages in a mailbox.?? The command below doesn't remove all the messages: doveadm expunge -u user at domain mailbox? '*' all Do I need to add .* or other? THanks Murray

http://bugzilla.mindrot.org/show_bug.cgi?id=1349 Summary: race condition with ControlMaster=auto Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: dot at dotat.at

Hello, we have 2 netapp arrays with 2 volumes and we need to store our mail data in one or other volume for every user. We want keep data for one user in one volume only. So we would like to have 2 separate mail_attachment_dir, one on every volume. But in latest version 2.2.12 it look like it is only possible to set one global mail_attachment_dir. I have an idea with 2 separate dovecot

Hi, i have setup with mail_attachment single instance store + replication + zlib and got this bug when i try to replicate one test mailbox: On master1 in mail.log: Apr 10 13:25:22 master1 dovecot: dsync-local(zzz at blabla666.sk): Error: read(/nfsmnt/mailnfs1/attachments1/6b/57/6b57ad34cf6c414662233d833a7801fde4e1cdcb-92b5052558774653a728000013e2b982[base64:18 b/l]) failed: Stream is larger than