similar to: [PATCH] permanently_set_uid fails on Cygwin :-(

Hi, the below patch solves the same problem for gids as has already been solved for uids. Windows has no concept of permanently changing the identity. It's always possible to revert to the original identity. Thanks, Corinna Index: uidswap.c =================================================================== RCS file: /cvs/openssh_cvs/uidswap.c,v retrieving revision 1.44 diff -p -u -r1.44

A change was recently introduced into uidswap.c to cover the case where the user is root. The change is "&& pw->pw_uid != 0 &&". /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1))

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid

I am enclosing a context diff of the changes that I made to get openssh working on UWIN. UWIN is a UNIX operating system layer that runs on Win32 systems. For more information on UWIN go to http://www.research.att.com/sw/tools/uwin/. I also ran configure using -with-cppflags=-D_BSDCOMP=2. I don't know where that information would go with the source code. Let me know if you need more

Aloha, I'm curious about the following code at line 203 in uidswap.c: /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); This causes permanently_set_uid to fail in the following case: $ su Password: ???????? #

Hello, I have tried running OpenSSH 3.7.1p2 on an Indy running IRIX 5.3. It compiled and installed without any problems. However, I get the fatal error, which originates from uidswap.c in function permanently_set_uid(): fatal: permanently_set_uid: was able to restore old [e]uid This happens even if "UsePrivilegeSeparation no" is used in sshd_config. It seems to be a problem

http://bugzilla.mindrot.org/show_bug.cgi?id=1182 Summary: uid 0, gid !=0 fools defensive check in uidswap.c Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P4 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy:

Hi, the following patch by Pierre A. Humblet <Pierre.Humblet at ieee.org> allows to use more than one uid on 9x/Me boxes which is currently blocked due to the behaviour of Cygwin's security code. After this patch is applied to sshd, we can safely change the affected code in Cygwin. Thanks, Corinna Index: session.c ===================================================================

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

Hello Porters, I am attempting to compile OpenSSH 2.9.9p2 on a Dynix V4.4.4 host. I have set USE_PIPES and BROKEN_SAVED_UIDS (the latter because there are no functions for set{eu,eg}id() that I can find). I configured with "./configure '--with-libs=-lnsl -lsec'". Each time I attempt to login, I get this error: No utmp entry. You must exec "login" from

Hi, With recent snapshots, I noted a warning in compilation on Red Hat Linux 7.3 system with glibc 2.2.5: uidswap.c: In function `permanently_set_uid': uidswap.c:155: warning: implicit declaration of function `setresgid' uidswap.c:168: warning: implicit declaration of function `setresuid' The problem appears to be that these should be prototyped in unistd.h, but aren't. There

http://bugzilla.mindrot.org/show_bug.cgi?id=674 Summary: permanently_set_uid() doesn't work on BSDI 4.0.1 Product: Portable OpenSSH Version: 3.7p1 Platform: ix86 OS/Version: BSDI Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

There is an error when installing ssh as a non root user on SGI IRIX 6.5.5m. See the error below when negotiating connection: ---BEGIN ERROR LISTING--- ssh -c blowfish -P -v -p 3400 -X -i /usr/people/bozo/.ssh/identity -l bozo 1.2.3.4 SSH Version OpenSSH_2.1.1, protocol versions 1.5/2.0. Compiled with SSL (0x0090581f). debug: Reading configuration data /free/bozo/sgi/etc/ssh_config debug:

Hi, the following patch fixes a potential security hole in the Cygwin version of sshd. If you're logging in to a Cygwin sshd with version 2 protocol using an arbitrary user name which is not in /etc/passwd, the forked sshd which is handling this connection crashes with a segmentation violation. The client side encounters an immediate disconnect ("Connection reset by peer").

EHLO, Somehow I don't think it makes any sense to test whether the gid/egid can be changed, if the original uid happened to be root. Root can always change the gid/egid anyhow. So, I would like to propose the following change to 3.9p1... --- uidswap.c.orig Sun Aug 29 15:43:57 2004 +++ uidswap.c Sun Aug 29 15:44:05 2004 @@ -201,7 +201,7 @@ #endif /* Try restoration of GID if

Ok, I'm doing a heads up here. I just applied: - markus at cvs.openbsd.org 2002/06/11 04:14:26 [ssh.c sshconnect.c sshconnect.h] no longer use uidswap.[ch] from the ssh client run less code with euid==0 if ssh is installed setuid root just switch the euid, don't switch the complete set of groups (this is only needed by sshd). ok provos@ A few comments about

I have just uploaded a new snapshot to: http://www.mindrot.org/misc/openssh/openssh-SNAP-20001114.tar.gz This snapshot includes Markus Friedl's new SSH2 RSA authentication work and -R portforwarding for SSH2. Please give these a good test. The new RSA authentications works similar to the current SSH2 DSA keys, but requires a little modification to config files. Currently RSA key cannot be

I downloaded openssh-2.5.1p1 as soon as it was on the ftp servers just to get the setluid patch. After compiling and installing on 5.0.5 I saw that the luid still wasn't being set correctly whether sshd was run from inetd or as a daemon from /etc/rc2.d/. I fiddled around and moved the setluid() stuff up higher in session.c and now luid is now being set correctly. I provided a regular diff

Hi, the below patch drops another test for uid 0 on Cygwin. It's embarassing that I never found it. Actually temporarily_use_uid never worked on Cygwin due to that. So far that had no influence, but now that we have activated another feature which makes Cygwin more POSIX-like, somebody on the Cygwin list found that agent forwarding didn't work anymore. The reason is that due to the

BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's authentication library. However, BSDI's patches have several problems: 1. They don't run the approval phase, so they can allow users to login who aren't supposed to be able to. 2. They don't patch configure to automatically detect the BSDI auth system, so they're not ready to use in a general portable