similar to: problem in uidswap?

[resending with uidswap.c instead of uidwrap.c] Once I got past the missing inet_ntoa.h weirdness, I ran into an sshd that died a lot. It appears that IRIX doesn't like some of the extra checks added between 1.23 and 1.24 of uidswap.c. Not sure if that constitutes an IRIX bug or not, but helpfully this helps someone. -- Mail: mjo at dojo.mi.org WWW: http://dojo.mi.org/~mjo/ Phone: +1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Here's the output from running sshd in debug mode: debug1: sshd version OpenSSH_3.7p1 debug1: private host key: #0 type 0 RSA1 debug1: read PEM private key done: type RSA debug1: private host key: #1 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #2 type 2 DSA debug1: setgroups() failed:

1) Testing of uidswap.c on a Tru64 UNIX V4.0G PK4 (BL22) machine shows the following defines to be required for correct uid changing semantics: #define BROKEN_SETREGID 1 #define BROKEN_SETREUID 1 #define SETEUID_BREAKS_SETUID 1 Failure to fix these contributes to breaking privilege separation (in a safe way: connections will fail while UsePrivilegeSeparation=yes, thanks to

Hi folks, I have successfully compiled and run OpenSSH 4.1p1 on NCR MPRAS: $ uname -a UNIX_SV support1 4.0 3.0 3446 Pentium Pro(TM)-EISA/PCI $ However, I have found one pretty critical problem, arising from the way that MPRAS handles changes to the IP stack. Background: To update any of the IP or TCP configuration options, system administrators should use the program "tcpconfig".

http://bugzilla.mindrot.org/show_bug.cgi?id=653 Summary: sshd breaks logins after upgrade to 3.7.1p1 (Tru64 UNIX) Product: Portable OpenSSH Version: 3.7.1p1 Platform: Alpha OS/Version: other Status: NEW Severity: critical Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org

Hi, The problem that setsockopt(IP_TOS) doesn't work on Cygwin is long fixed. Ages ago Microsoft changed the definition for IP_TOS when moving from winsock1 to winsock2 and IP_TOS in Cygwin didn't work all these years because nobody (that's especialy me) realized that we were still using the old winsock1 value. This has been fixed since 2005, though. Patch below. Corinna Index:

There have been a few recent commits to portable OpenSSH that require testing. It would be appreciated if you could grab the 20031118 (or later) snapshot and give it a try on your platforms of choice. Ideally, "giving it a try" means running the regress tests, in addition to casual (non-production) use and reporting your experiences back to the list. The more platforms and compile-time

Hi, I have recently compiled a copy of OpenSSH for use on Reliant Unix ( Sinix ) version 5.45. My installation works okay for user root. When I try to log on as another user I get prompted for the user password. When I type this in OpenSSH throws me out each time. I have been able to see any errors. My version is OpenSSH_3.8p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004. I am using Putty

Hi, I've seen a few messages re. problems with 3.7.1p1 on IRIX 6.5... I'm using 6.5.19 and having no trouble compiling, installing and starting, but sshd just closes the connection with no explanation. debug/verbose modes don't seem to give any clues. Darren Tucker suggested defining BROKEN_GETADDRINFO in config.h, but I find that compilation then fails (assuming I've implemented

Hi Group, recently I upgraded to v 3.7.1p2 on Reliant Unix (former SINIX). With sser root everything works fine, but with a "normal" user the session terminates.. I put the logfile of the "sshd -dddd" at the end. What is wrong? regard Stephan --------------- debug2: read_server_config: filename /etc/sshd_config debug1: sshd version OpenSSH_3.7.1p2 debug1: private host key:

Well, I had just finally gotten around to downloading a snapshot to test the latest on Tru64 a couple of days ago but hadn't had a chance to build it yet, and 3.7p1 has now been released. Sigh. The problem is that Tru64 setreuid() and setregid() are broken, so privsep doesn't work. This could also be a security problem for SIA authentication in general (any version of OpenSSH on Tru64,

Hello, would it be possible to update config.sub and config.guess to the latest versions (or at least version from automake-1.13.1) in order to support new architectures based on the ARM 64 bit CPU? Patch: http://plautrba.fedorapeople.org/openssh/openssh-latest-config.sub-config.guess.patch Related Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=926284 Thanks, Petr

http://bugzilla.mindrot.org/show_bug.cgi?id=715 Summary: usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful Product: Portable OpenSSH Version: -current Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: Build system AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=693 Summary: Missing definitions in configure scripts Product: Portable OpenSSH Version: 3.7.1p1 Platform: ix86 OS/Version: other Status: NEW Severity: normal Priority: P4 Component: Build system AssignedTo: openssh-bugs at mindrot.org ReportedBy:

Hi, the below patch drops another test for uid 0 on Cygwin. It's embarassing that I never found it. Actually temporarily_use_uid never worked on Cygwin due to that. So far that had no influence, but now that we have activated another feature which makes Cygwin more POSIX-like, somebody on the Cygwin list found that agent forwarding didn't work anymore. The reason is that due to the

Fixes a potential (but probably rather unlikely) use after free bug in function temporarily_use_uid(), file uidswap.c. --- a/uidswap.c +++ b/uidswap.c @@ -113,8 +113,9 @@ temporarily_use_uid(struct passwd *pw) } } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) -

http://bugzilla.mindrot.org/show_bug.cgi?id=374 Summary: uidswap.c doesn't compile on SCO 3.2v4.2 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev at mindrot.org

EHLO, Somehow I don't think it makes any sense to test whether the gid/egid can be changed, if the original uid happened to be root. Root can always change the gid/egid anyhow. So, I would like to propose the following change to 3.9p1... --- uidswap.c.orig Sun Aug 29 15:43:57 2004 +++ uidswap.c Sun Aug 29 15:44:05 2004 @@ -201,7 +201,7 @@ #endif /* Try restoration of GID if

A change was recently introduced into uidswap.c to cover the case where the user is root. The change is "&& pw->pw_uid != 0 &&". /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1))

http://bugzilla.mindrot.org/show_bug.cgi?id=1182 Summary: uid 0, gid !=0 fools defensive check in uidswap.c Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P4 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: