Displaying 20 results from an estimated 50000 matches similar to: "Question on function order"
2002 Jun 25
3
BSD/OS with privsep
I need this for BSD/OS 4.2 + privsep
perhaps we should not call do_setusercontext() after
chroot().
--- sshd.c.orig Fri Jun 21 03:09:47 2002
+++ sshd.c Tue Jun 25 13:11:03 2002
@@ -548,21 +548,35 @@
/* Change our root directory*/
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));
if
2003 Dec 26
1
[Bug 779] Chroot environment for sftp client crazy
http://bugzilla.mindrot.org/show_bug.cgi?id=779
Summary: Chroot environment for sftp client crazy
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: Other
URL: http://aixpanish.com
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sftp-server
AssignedTo:
2009 Mar 02
0
About setpcred() and chroot()
Hi,
I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX 5.3
with OpenSSH_5.2p1.
But there is a problem with the chroot() call.
In the do_setusercontext() function, chroot() is called after the setpcred()
(only AIX is concerned by the setpcred() call), so privileges are already
dropped when chroot() is called.
When not calling setpcred(), the chroot() does not fail and the
2002 Jun 26
5
[PATCH] improved chroot handling
There are a couple of niggles with the sandboxing of the unprivileged
child in the privsep code: the empty directory causes namespace pollution,
and it requires care to ensure that it is set up properly and remains set
up properly. The patch below (against the portable OpenSSH, although the
patch against the OpenBSD version is very similar) replaces the fixed
empty directory with one that is
2002 Aug 01
1
[Bug 375] New: sshd core dumping with msg "Cannot delete credentials"
http://bugzilla.mindrot.org/show_bug.cgi?id=375
Summary: sshd core dumping with msg "Cannot delete credentials"
Product: Portable OpenSSH
Version: 3.1p1
Platform: Sparc
OS/Version: Solaris
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
2004 May 04
3
Error with USE_POSIX_THREADS and OpenSSH-3.8p1
Hello,
I am using OpenSSH-3.8p1 on HP-UX machine with USE_POSIX_THREADS option.
This is for making the kerberos credentials file to be created in the system
with PAM. In OpenSSH versions 3.5 when authentication is done with pam
kerberos, a /tmp/krb5cc_X_Y file is created on the server side. But the
KRB5CCNAME variable is not set by default. So, after we manually set this
environment variable, the
2002 Jun 24
4
README.privsep
Hi,
This is included in the release now; any feedback?
Privilege separation, or privsep, is a method in OpenSSH by which
operations that require root privilege are performed by a separate
privileged monitor process. Its purpose is to prevent privilege
escalation by containing corruption to an unprivileged process.
More information is available at:
2002 Nov 05
2
[PATCH] Add a chroot_users option to sshd
This patch adds a new option to sshd, chroot_users. It has the effect of
chroot()ing incoming ssh users to their home directory. Note: this option
does not work if UsePrivilegeSeparation is enabled.
Patch is based on OpenSSH 3.4p1.
*** servconf.h@@\main\1 Tue Oct 1 17:25:32 2002
--- servconf.h Wed Oct 2 06:17:48 2002
***************
*** 131,136 ****
--- 131,137 ----
char
2008 May 25
1
OpenSSH + chroot + SELinux = broke
Hello,
First, a big thank you to the OpenSSH devs.
Problem Summary:
Chroot and SELinux don't get along. This affects both the new
(official) ChrootDirectory feature, as well as the older (3rd party)
patch at http://chrootssh.sourceforge.net/.
History and repro:
On March 21, 2008, Alexandre Rossi posted to this list with the
subject: "*ChrootDirectory
2008 Sep 23
3
[Bug 1527] New: ForceCommand internal-sftp needs a way to enable logging
https://bugzilla.mindrot.org/show_bug.cgi?id=1527
Summary: ForceCommand internal-sftp needs a way to enable
logging
Product: Portable OpenSSH
Version: 5.1p1
Platform: Itanium2
OS/Version: HP-UX
Status: NEW
Severity: minor
Priority: P4
Component: sftp-server
AssignedTo:
2006 Sep 11
1
error in rsync protocol data stream (code 12) at io.c(463) on HP-UX 11.23
Hello,
We discovered a slight problem with rsync 2.6.8 on HP-UX 11.23 on Itanium2.
When trying to get a directory listing via:
# oracle@DEV1[]:/~ > rsync dev1::deploy
drwxr-xr-x 96 2006/09/06 12:57:36 .
drwxrwxrwx 96 2006/09/11 15:35:33 test
# ...
it works flawlessly, but when trying to get a subdirectory we get the
following error:
# DEV1:/etc# rsync dev1::deploy/test
#
2001 Jun 20
8
[Lutz.Jaenicke@aet.TU-Cottbus.DE: 2.9p1: HP-UX 10.20 utmp/wtmp handling broken?]
Hi!
I am resending the following message about problems with utmp handling.
* In the meantime I had some requests in private mail from people asking
whether I have new information.
* The problem is still persistent in 2.9p2.
* My own new investigations show that the problem only appears with
protocol 2, not with protocol 1, I therefore only started to note it
when protocol 2 became the
2012 Mar 06
6
openssh static build - mission impossible?
I am trying to build a static version of ssh, sshd and sftp, but after banging my head against the wall for the best part of the last 3 days I am about to give up...
Since I plan to use this on an embedded device (building dropbear is *NOT* an option!), I've excluded as many openssh configure options as I can but, ultimately, failed. This is my setup:
export LDFLAGS=' -pie -z relro -z
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restrict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2
2014 Feb 03
1
OpenSSH 6.5 on HP-UX 10.20
Hi,
just a minor bugreport.
OpenSSH 6.5 needs a fix to compile on HP-UX 10.20.
On HP-UX 10.20, ntohs is not defined in "netinet/in.h" but in "arpa/inet.h".
readconf.c misses the required additional #include <arpa/inet.h>:
$ diff -c readconf.c readconf.c_new
*** readconf.c Fri Jan 17 14:03:57 2014
--- readconf.c_new Mon Feb 3 01:18:29 2014
***************
***
2009 Mar 06
20
[Bug 1567] New: Insufficient privileges to chroot() on AIX
https://bugzilla.mindrot.org/show_bug.cgi?id=1567
Summary: Insufficient privileges to chroot() on AIX
Product: Portable OpenSSH
Version: 5.2p1
Platform: PPC
OS/Version: AIX
Status: NEW
Severity: major
Priority: P2
Component: sshd
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: bana
2006 Apr 27
0
bug in OpenSSH_4.3p2: pam_open_session() called but not close for root users
For root sessions pam_open_session is called, but not pam_close_session.
sshd behavior is broken for root logins because if pam session
is run from the child, close is never called due to exec:
on open
since use_privsep is not set, parent calls do_exec_pty(),
which does not open session. then, it skips calling do_setusercontext(),
so it does not open session.
child calls
2015 Oct 22
3
[Bug 2482] New: SELinux integration
https://bugzilla.mindrot.org/show_bug.cgi?id=2482
Bug ID: 2482
Summary: SELinux integration
Product: Portable OpenSSH
Version: 7.1p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
2011 Nov 29
3
[Bug 1952] New: Local port forwarding does not work in a particular combination of conditions.
https://bugzilla.mindrot.org/show_bug.cgi?id=1952
Bug #: 1952
Summary: Local port forwarding does not work in a particular
combination of conditions.
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.8p1
Platform: Itanium
OS/Version: HP-UX
Status: NEW
Severity: normal
2008 Jul 22
0
Announce: OpenSSH 5.1 released
OpenSSH 5.1 has just been released. It will be available from the
mirrors listed at http://www.openssh.com/ shortly.
OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0
implementation and includes sftp client and server support.
We have also recently completed another Internet SSH usage scan, the
results of which may be found at http://www.openssh.com/usage.html
Once again, we