similar to: setres[gu]id implicit decl warning on Linux glibc

http://bugzilla.mindrot.org/show_bug.cgi?id=645 ------- Additional Comments From dtucker at zip.com.au 2003-10-27 13:43 ------- Created an attachment (id=487) --> (http://bugzilla.mindrot.org/attachment.cgi?id=487&action=view) Test setresuid and setresguid for "not implemented" Please try this patch. You will need to run "autoreconf" after applying, then

Hi, I'm terribly sorry that I missed this before 3.7p1 was out. The permanently_set_uid() function fails on Cygwin since the test to revert to the saved uid unfortunately works on Cygwin though it shouldn't. The reason is that a Windows NT process always can revert to its previous privileges. There's no such concept of giving up rights in a process permanently. This is only

Hi, the below patch solves the same problem for gids as has already been solved for uids. Windows has no concept of permanently changing the identity. It's always possible to revert to the original identity. Thanks, Corinna Index: uidswap.c =================================================================== RCS file: /cvs/openssh_cvs/uidswap.c,v retrieving revision 1.44 diff -p -u -r1.44

Hi All. The recent changes to scp caused build failures on Solaris and AIX 4.2 which showed up on the tinderbox[1]. I mentioned the first to djm in email yesterday but I'm posting after finding the second, in case anyone else has seen similar problems. Solaris' nanosleep is in librt (or libposix4 in older versions) which is not linked. Adding them to configure works fine, however ldd

Hi, The 4.4p1 release is approaching now, so we are now asking people to actively test snapshots or CVS and report back to the mailing list. Snapshots are available from http://www.mindrot.org/openssh_snap or from any of the mirrors listed on http://www.openssh.org/portable.html The latter page also includes instructions for checking out portable OpenSSH via anonymous CVS. This release

http://bugzilla.mindrot.org/show_bug.cgi?id=1182 Summary: uid 0, gid !=0 fools defensive check in uidswap.c Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P4 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy:

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid

There is an error when installing ssh as a non root user on SGI IRIX 6.5.5m. See the error below when negotiating connection: ---BEGIN ERROR LISTING--- ssh -c blowfish -P -v -p 3400 -X -i /usr/people/bozo/.ssh/identity -l bozo 1.2.3.4 SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f). debug: Reading configuration data /free/bozo/sgi/etc/ssh_config debug:

https://bugzilla.mindrot.org/show_bug.cgi?id=3497 Bug ID: 3497 Summary: setresuid configure check may need _GNU_SOURCE Product: Portable OpenSSH Version: 9.1p1 Hardware: 68k OS: Mac OS X Status: NEW Severity: enhancement Priority: P5 Component: Build system Assignee:

I was trying to compile openssh-3.6.1p1 on IRIX and ran across this error while compiling progressmeter.c: "/usr/include/libgen.h", line 35: error(1143): declaration is incompatible with "char *basename(const char *)" (declared at line 9 of "openbsd-compat/basename.h") extern char *basename(char *); ^ 1 error detected in the

Aloha, I'm curious about the following code at line 203 in uidswap.c: /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); This causes permanently_set_uid to fail in the following case: $ su Password: ???????? #

Hello, I have tried running OpenSSH 3.7.1p2 on an Indy running IRIX 5.3. It compiled and installed without any problems. However, I get the fatal error, which originates from uidswap.c in function permanently_set_uid(): fatal: permanently_set_uid: was able to restore old [e]uid This happens even if "UsePrivilegeSeparation no" is used in sshd_config. It seems to be a problem

Fixes a potential (but probably rather unlikely) use after free bug in function temporarily_use_uid(), file uidswap.c. --- a/uidswap.c +++ b/uidswap.c @@ -113,8 +113,9 @@ temporarily_use_uid(struct passwd *pw) } } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) -

http://bugzilla.mindrot.org/show_bug.cgi?id=645 Summary: Configure mis-identifies setresgid Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hi openssh developers, I'm trying to port openssh to Interix. See [1] for more on this. For Interix sshd needs to be patched to not use setuid()/setgid(), but an Interix specific function setuser(). See [2] why it is needed. Unfortunately, setuser() needs the clear-text password of the user to be fully functional (If you use password-less setuser(), then the user doesn't have network

1) Testing of uidswap.c on a Tru64 UNIX V4.0G PK4 (BL22) machine shows the following defines to be required for correct uid changing semantics: #define BROKEN_SETREGID 1 #define BROKEN_SETREUID 1 #define SETEUID_BREAKS_SETUID 1 Failure to fix these contributes to breaking privilege separation (in a safe way: connections will fail while UsePrivilegeSeparation=yes, thanks to

Currently openssh (3.4p1) relies on the NGROUPS_MAX define. This makes the number of allowed simultaneous (per-user) secondary groups a compile-time decision. $ find . -name \*.c | xargs grep NGROUPS_MAX ./groupaccess.c:static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ ./groupaccess.c: gid_t groups_bygid[NGROUPS_MAX + 1]; ./uidswap.c:static gid_t

[resending with uidswap.c instead of uidwrap.c] Once I got past the missing inet_ntoa.h weirdness, I ran into an sshd that died a lot. It appears that IRIX doesn't like some of the extra checks added between 1.23 and 1.24 of uidswap.c. Not sure if that constitutes an IRIX bug or not, but helpfully this helps someone. -- Mail: mjo at dojo.mi.org WWW: http://dojo.mi.org/~mjo/ Phone: +1

Sorry if I'm duplicating an existing patch, but... On systems with no seteuid() that have setreuid() there is an emulation, but if both are lacking (but we do have setresuid()), nothing is done. The following seems to be right, but I've only got one machine (running an ancient version of HP-UX) which needs this so it may not be general: --cut-here-- --- config.h.in.orig Thu Jun 7

Greetings, I have compiled OpenSSH-3.6.1p2 on SCO 3.2v4.2 and the following problem occurs: I am unable to login as root using when strictmode is set to yes. output of debug: Failed none for root from 192.168.1.1 port 1199 ssh2 debug1: userauth-request for user root service ssh-connection method publickey debug1: attempt 1 failures 1 debug2: input_userauth_request: try method publickey debug1: