Displaying 20 results from an estimated 2000 matches similar to: "OpenSSH 3.7p1, PrivSep, and Tru64 broken (sorry)"
2003 Sep 25
7
[Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful
http://bugzilla.mindrot.org/show_bug.cgi?id=715
Summary: usage of BROKEN_SETREUID/BROKEN_SETREGID considered
harmful
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: Build system
AssignedTo:
2003 Sep 19
1
configure fixes for Tru64 UNIX V4.0x
1) Testing of uidswap.c on a Tru64 UNIX V4.0G PK4 (BL22) machine shows the
following defines to be required for correct uid changing semantics:
#define BROKEN_SETREGID 1
#define BROKEN_SETREUID 1
#define SETEUID_BREAKS_SETUID 1
Failure to fix these contributes to breaking privilege separation
(in a safe way: connections will fail while UsePrivilegeSeparation=yes,
thanks to
2003 Sep 18
0
Darwin notes for openssh-3.7.1p1
I was able to build working openssh-3.7.1p1 on the Darwin-ppc-1.4 , 5.5, and 6.0 platform, by
setting the following by hand in config.h.
#define SETEUID_BREAKS_SETUID
#define BROKEN_SETREUID
#define HAVE_SETEUID 1
/* #undef HAVE_SETREUID 1 */
For Darwin-x86-6.6.1, it built with the following.
#define SETEUID_BREAKS_SETUID
/* #undef BROKEN_SETREUID */
#define HAVE_SETEUID 1
/* #undef
2003 Sep 17
8
[Bug 657] Priv seperation causes setreuid error
http://bugzilla.mindrot.org/show_bug.cgi?id=657
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|Priv seperation causes |Priv seperation causes
|segfault |setreuid error
------- Additional Comments From dtucker at
2003 Sep 16
6
sshd 3.7p1 dies on MacOSX
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Here's the output from running sshd in debug mode:
debug1: sshd version OpenSSH_3.7p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: setgroups() failed:
2002 Sep 04
2
uid transition and post-auth privsep (WAS Re: possible fundamental problem with tru64 patch) (fwd)
What do we loose by not having post-auth privsep?
What code is executed between authorization and actual setting of the
effective uid?
On Tue, 3 Sep 2002, Chris Adams wrote:
> Once upon a time, Toni L. Harbaugh-Blackford <harbaugh at nciaxp.ncifcrf.gov> said:
> > It appears that the integration of the sia session setup will either
> > have to be rethought or abandoned
2003 Sep 17
8
[Bug 653] sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
http://bugzilla.mindrot.org/show_bug.cgi?id=653
Summary: sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX)
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: Alpha
OS/Version: other
Status: NEW
Severity: critical
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
2003 Sep 20
2
[Bug 693] Missing definitions in configure scripts
http://bugzilla.mindrot.org/show_bug.cgi?id=693
Summary: Missing definitions in configure scripts
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: ix86
OS/Version: other
Status: NEW
Severity: normal
Priority: P4
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy:
2002 Aug 01
0
Tru64 and OSF/1 Privsep patch
Ok.. I need wider testing for this. I'm getting reports back it works
mostly. 'ssh site ls' fails, but they can login with Privsep enbled.
Can I get those who are using Tru64 or OSF/1 that have SIA enabled to
test? This should apple to either -cvs or the current snapshot (I would
perfer not to use 3.4p1 due to bugs).
I'm going on a trip next week and will be around very spotty
2003 Feb 27
0
Update for Tru64 Unix
Here is a long-overdue (sorry about that) patch for Tru64. It is pretty
minor mostly (minor formatting and removal of a couple of unneeded
calls), and it disables post-auth privsep (so that OpenSSH will work
"out of the box" on Tru64, avoiding the many questions).
I'm also looking at getting setproctitle working. For Tru64 4.x, it
isn't a big deal (normal PS_USE_CLOBBER_ARGV
2002 Aug 11
4
OSF/1 or Tru64 patch for Privsep
Either this never made it to the list or no one cares about Tru64. This
is the last time I'll send this patch to the list. If no one steps up and
finishes it or provides me with enough information to fix any remaining
bugs (one being complaint that 'ssh site cmd' does not work right).
If there is no activity on this for a week. I'll post it to bugzilla and
will ignore any
2005 Sep 19
1
ssh hangs or gives Segmentation fault
Details of installation attached.
Effect: when I build and test (with full path names) ssh in the openssh...
directory, everything works fine. When I "install" it as per attached file
into a test-directory and run it from there, there are 2 phenomena:
either it just hangs, eating 96% of CPU
or it dies with a Segmentation fault (this is what happens most often)
Help needed
2003 Sep 17
16
[Bug 659] sshd failure on IRIX
http://bugzilla.mindrot.org/show_bug.cgi?id=659
Summary: sshd failure on IRIX
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: MIPS
OS/Version: IRIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: bugzilla-openssh at
2002 Jun 29
0
Privsep for osf/1 .. still need a bit of help
This privsepifies OSF/1 SIA, but I'm still being told the same error
occurs. I'm stumped.
Without an OSF/1 box near me I can't do too much more help unless someone
can either tell me what is wrong or show me why SIA is failing in their
logs.
(And tell me if it's different w/ or w/out this patch)
- Ben
Index: auth-sia.c
2001 Apr 13
0
Fixed patch for Digital Unix SIA
Okay, here is a fixed version of the patch I sent before for fixing the
problems I know about with Digital Unix SIA: displaying too much info
(MOTD, last login, etc.) when access is denied, and the loss of the
error message sometimes when access is denied.
It does break some code out of do_login into a couple of separate
functions. I did this to avoid duplicating the code in a couple of
places.
2003 Nov 18
5
Testing of recent commits
There have been a few recent commits to portable OpenSSH that require
testing. It would be appreciated if you could grab the 20031118 (or
later) snapshot and give it a try on your platforms of choice.
Ideally, "giving it a try" means running the regress tests, in addition
to casual (non-production) use and reporting your experiences back to
the list. The more platforms and compile-time
2000 Oct 15
1
Patch for Digital Unix SIA authentication
A while back, I sent in a patch that added Digital Unix SIA
authentication to OpenSSH. Well, I just figured out that it didn't
handle everything correctly (locked accounts could still log in). I
thought I had checked that, but I guess I missed it.
Anyway, here is a patch against OpenSSH 2.2.0p1 that fixes this.
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator
2003 Sep 17
3
Use the OpenSSH 3.6 uidswap.c for building 3.7 under IRIX
[resending with uidswap.c instead of uidwrap.c]
Once I got past the missing inet_ntoa.h weirdness, I ran into an sshd
that died a lot. It appears that IRIX doesn't like some of the extra
checks added between 1.23 and 1.24 of uidswap.c. Not sure if that
constitutes an IRIX bug or not, but helpfully this helps someone.
--
Mail: mjo at dojo.mi.org WWW: http://dojo.mi.org/~mjo/ Phone: +1
2003 Dec 13
2
problem in uidswap?
Hello,
I've compiled openssh 3.7.1p2 on a DG/UX machine, using openssl 0.9.7c, zlib-1.1.4, and tcp_wrappers7.6. ssh itself seems to function ok, but sshd does not appear to be functioning properly for non-root users. After connecting and providing a password, the connection is closed, and we appear to get 3 messages in syslog like the following:
fatal: permanently_set_uid: was able to
2002 Jun 27
1
No TTY prealloc; Tru64 can't do post-auth privsep
Well, after digging around and thinking some more, I'm giving up on the
idea of preallocating a TTY to get post-auth privsep working on Tru64.
I don't think it will work, because just allocating a TTY doesn't fix
the problem - there's no valid way to tie that TTY back to the client
process (because it hasn't requested a TTY yet and may not ever do so).
The problem is that the