similar to: sshd reexec mechanism

On 6/2/20 9:33 AM, Richard W.M. Jones wrote: > On Tue, Jun 02, 2020 at 09:22:49AM -0500, Eric Blake wrote: >> On 6/2/20 7:27 AM, Richard W.M. Jones wrote: >>> Use an extensible buffer (a vector<char>) when reading >>> /proc/self/cmdline. >>> >>> Tidy up some error messages. >>> --- >>> plugins/vddk/reexec.c | 57

On 6/2/20 7:27 AM, Richard W.M. Jones wrote: > Use an extensible buffer (a vector<char>) when reading > /proc/self/cmdline. > > Tidy up some error messages. > --- > plugins/vddk/reexec.c | 57 ++++++++++++++++++++++++++----------------- > 1 file changed, 35 insertions(+), 22 deletions(-) > > @@ -80,42 +95,40 @@ perform_reexec (const char *env, const char

Use an extensible buffer (a vector<char>) when reading /proc/self/cmdline. Tidy up some error messages. --- plugins/vddk/reexec.c | 57 ++++++++++++++++++++++++++----------------- 1 file changed, 35 insertions(+), 22 deletions(-) diff --git a/plugins/vddk/reexec.c b/plugins/vddk/reexec.c index 5a5e9844..9641ee8c 100644 --- a/plugins/vddk/reexec.c +++ b/plugins/vddk/reexec.c @@ -48,6

Thanks for suggestion. That was, indeed, a problem on our network. Sorry for bothering you. BTW, "-r" option is not included in a man page, it doesn't seem to have any effect as well. 2015-12-11 5:47 GMT+03:00 Darren Tucker <dtucker at zip.com.au>: > On Wed, Dec 9, 2015 at 7:43 PM, Andrey Klimentev <andrei650816 at gmail.com> wrote: >> Hello, everybody.

Pure refactoring. Just decouples the complicated reexec code from the rest. --- plugins/vddk/Makefile.am | 2 + plugins/vddk/vddk.h | 42 +++++++++ plugins/vddk/reexec.c | 196 +++++++++++++++++++++++++++++++++++++++ plugins/vddk/vddk.c | 151 ++---------------------------- 4 files changed, 246 insertions(+), 145 deletions(-) diff --git a/plugins/vddk/Makefile.am

See this thread: https://www.redhat.com/archives/libguestfs/2020-June/thread.html#00012 This commit also adds a regression test of vddk password=- and password=-FD. --- tests/Makefile.am | 4 ++ plugins/vddk/vddk.h | 1 + plugins/vddk/reexec.c | 43 ++++++++++++- plugins/vddk/vddk.c | 2 +-

https://bugzilla.mindrot.org/show_bug.cgi?id=2300 Bug ID: 2300 Summary: reexec.sh and login-timeout.sh fail due to a race condition Product: Portable OpenSSH Version: 6.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

On Tue, Jun 02, 2020 at 09:22:49AM -0500, Eric Blake wrote: > On 6/2/20 7:27 AM, Richard W.M. Jones wrote: > >Use an extensible buffer (a vector<char>) when reading > >/proc/self/cmdline. > > > >Tidy up some error messages. > >--- > > plugins/vddk/reexec.c | 57 ++++++++++++++++++++++++++----------------- > > 1 file changed, 35 insertions(+), 22

http://bugzilla.mindrot.org/show_bug.cgi?id=973 Summary: sshd behaves differently while doing syslog entries for tcpwrappers denied message, with -r and without -r option. Product: Portable OpenSSH Version: 3.9p1 Platform: All OS/Version: All Status: NEW Severity: normal

On Fri, Dec 9, 2011 at 11:16 AM, Eric Christopher <echristo at apple.com>wrote: > > On Dec 9, 2011, at 11:12 AM, Kostya Serebryany wrote: > > > Yes, we have no ASRL with -no_pie. > > Can we disable ASRL even with -pie? > > On linux we can do it with "setarch x86_64 -R". > > > > You asked about link time. Now it sounds like you're talking

I ran into a bug while testing 3.9p1. If you start sshd with -r (re-exec disabled), once the daemon is forked to handle a client, the child closes stdin by accident. This causes FD 0 to get re-used by the next open call which eventually you end up with a mess. In the perticual case I saw, the pty fd ended up on FD 0 was closed by do_exec_pty(), pty_make_controlling_tty() then opened a new ttyfd

On Dec 9, 2011, at 11:46 AM, Alexander Potapenko wrote: >> Link time is of course better. >> But if there is a syscall (like the one used by setarch) we could call it >> and reexec. >> Using setenv("DYLD_NO_PIE")+reexec looks gross to me. > There's posix_spawnattr_setflags() that can do the job >

This has been broken since we added the reexec code (commit 155af3107292c351d54ed42c732f4a67bb9aa910) because it tried to read the password twice (before and after the reexec) failing the second time because stdin had already been reopened on /dev/null. Virt-v2v used this feature, but I will change virt-v2v instead. --- plugins/vddk/nbdkit-vddk-plugin.pod | 7 +------ plugins/vddk/vddk.c

https://bugzilla.mindrot.org/show_bug.cgi?id=2019 Bug #: 2019 Summary: After a possible buffer overflow attack sshd does not accept connections any longer. Classification: Unclassified Product: Portable OpenSSH Version: 5.4p1 Platform: ix86 OS/Version: HP-UX Status: NEW Severity: normal

On Dec 9, 2011, at 11:23 AM, Kostya Serebryany wrote: > > > On Fri, Dec 9, 2011 at 11:16 AM, Eric Christopher <echristo at apple.com> wrote: > > On Dec 9, 2011, at 11:12 AM, Kostya Serebryany wrote: > > > Yes, we have no ASRL with -no_pie. > > Can we disable ASRL even with -pie? > > On linux we can do it with "setarch x86_64 -R". > >

On Fri, 7 Feb 2020 at 15:09, Hisashi T Fujinaka <htodd at twofifty.com> wrote: > > On Fri, 7 Feb 2020, Damien Miller wrote: > > > On Thu, 6 Feb 2020, Hisashi T Fujinaka wrote: > > > >> Built and passed tests on NetBSD-9_RC2 on amd64 and on NetBSD-current on > >> amd64. Issues with MacOS Catalina: > >> configure: error: *** working libcrypto not

> Link time is of course better. > But if there is a syscall (like the one used by setarch) we could call it > and reexec. > Using setenv("DYLD_NO_PIE")+reexec looks gross to me. There's posix_spawnattr_setflags() that can do the job (http://reverse.put.as/2011/08/11/how-gdb-disables-aslr-in-mac-os-x-lion/), but the necessary flag appeared only in Lion. To the best of my

On Fri, Dec 9, 2011 at 11:24 AM, Eric Christopher <echristo at apple.com>wrote: > > On Dec 9, 2011, at 11:23 AM, Kostya Serebryany wrote: > > > > On Fri, Dec 9, 2011 at 11:16 AM, Eric Christopher <echristo at apple.com>wrote: > >> >> On Dec 9, 2011, at 11:12 AM, Kostya Serebryany wrote: >> >> > Yes, we have no ASRL with -no_pie. >>

Hi, OpenSSH 6.6 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a small release mostly to fix some minor but annoying bugs in openssh-6.5. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable

On Mon, Jun 01, 2020 at 12:13:13PM -0500, Eric Blake wrote: > On 6/1/20 11:07 AM, Richard W.M. Jones wrote: > >This has been broken since we added the reexec code > >(commit 155af3107292c351d54ed42c732f4a67bb9aa910) because it > >tried to read the password twice (before and after the reexec) failing > >the second time because stdin had already been reopened on /dev/null.