similar to: changing group for root

Hi, the below patch solves the same problem for gids as has already been solved for uids. Windows has no concept of permanently changing the identity. It's always possible to revert to the original identity. Thanks, Corinna Index: uidswap.c =================================================================== RCS file: /cvs/openssh_cvs/uidswap.c,v retrieving revision 1.44 diff -p -u -r1.44

Aloha, I'm curious about the following code at line 203 in uidswap.c: /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__); This causes permanently_set_uid to fail in the following case: $ su Password: ???????? #

EHLO, Somehow I don't think it makes any sense to test whether the gid/egid can be changed, if the original uid happened to be root. Root can always change the gid/egid anyhow. So, I would like to propose the following change to 3.9p1... --- uidswap.c.orig Sun Aug 29 15:43:57 2004 +++ uidswap.c Sun Aug 29 15:44:05 2004 @@ -201,7 +201,7 @@ #endif /* Try restoration of GID if

A change was recently introduced into uidswap.c to cover the case where the user is root. The change is "&& pw->pw_uid != 0 &&". /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1))

Hi all ! This is a patch for Group mapping bug #1 reported here : http://lists.samba.org/archive/samba-technical/2004-January/034057.html It activates users' primary group SID update when adding/modifying/deleting a group mapping. It patches utils/net_groupmap.c (net_groupmap_add, net_groupmap_modify, net_groupmap_delete) and can be applied to samba-3.0.2rc1. net_groupmap_add : Scan users

Hello All, Im using OpenSSH 4.2p1 statically linked with OpenSSL 0.9.7i. It looks now that a fips certified OpenSSL is now available at http://www.openssl.org/source/OpenSSL-fips-1.0.tar.gz . I like to know of any patches applicable for OpenSSH versions to make it fips compliant. Is there any idea for OpenSSH core team to make OpenSSH as fips compliant? What amount of work it needs at this

Ok, for those running NeXT and other platforms with broken/missing _POSIX_SAVED_ID please try this patch, and anyone that has spent any amount of time dealing with this problem. I believe it's right. BTW, this patch is no where near as big as it looks. The patch was done against an earily version of the tree which had an issue with white space. - Ben --- ../openssh/uidswap.c Sun Apr 22

Hello All, Im using OpenSSH-3.9p1 configured for PAM,krb etc.. When I use Key based auth methods such as Public key,gssapi etc, this skips the pam_authenticate() call and directly calls pam_acct_mgmt(). This results in a failed attempt with few of my own PAM modules. Is there any way to implement this facility to be controlled by a directive in sshd_config. I mean PAM calls should not be

> Sergio Gelato wrote; >> I see that the rest of that function has an "if (problem) goto out;" >> after >> every krb5 library call. Doesn't that also introduce measurable time >> differences? Interesting. > I wrote a test case with expect to measure the time difference for valid and invalid user with the same workaround as said before. It seems to

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if

Hi, I'm terribly sorry that I missed this before 3.7p1 was out. The permanently_set_uid() function fails on Cygwin since the test to revert to the saved uid unfortunately works on Cygwin though it shouldn't. The reason is that a Windows NT process always can revert to its previous privileges. There's no such concept of giving up rights in a process permanently. This is only

Hello All, My testing of OpenSSH-39 compiled with tcp_wrappers in hpux 11.11 and hpux 11.23 points that sshd is NOT sending the syslog details properly to specified files. This happens when I set the syslogfacility as local7 and Log Level as INFO for sshd. However OpenSSH -38 works correctly for the same setting. I denied a host in /etc/hosts.deny and sshd should send a message "refused

On 27 Oct 2015, at 09:48, Senthil Kumar <senthil.thecoder at gmail.com> wrote: > > Haven't worked on this yet, but I work on the gcc AVR backend (and binutils), and I'm very interested in this - I intend to work on it in my spare time. And do you have any comments / objections to Dylan becoming the code owner? David

http://bugzilla.mindrot.org/show_bug.cgi?id=975 Summary: Kerberos authentication timing can leak information about account validity Product: Portable OpenSSH Version: -current Platform: All URL: http://marc.theaimsgroup.com/?l=openssh-unix- dev&m=110371328918329&w=2 OS/Version: All

http://bugzilla.mindrot.org/show_bug.cgi?id=910 fullung at gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |fullung at gmail.com ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

Hello Porters, I've finally (thanks to Wendy Palm of Cray) ported OpenSSH to Dynix v4.4.4. I had to make sure that "UseLogin" was set to "no" in the sshd_config file. Also, here are the old-style contextual diffs (obtained with 'diff -c' on the Dynix box) of the two files I had to change: *** configure Sat Jun 16 17:09:50 2001 --- configure.new Mon Oct 8

Hello Porters, I am attempting to compile OpenSSH 2.9.9p2 on a Dynix V4.4.4 host. I have set USE_PIPES and BROKEN_SAVED_UIDS (the latter because there are no functions for set{eu,eg}id() that I can find). I configured with "./configure '--with-libs=-lnsl -lsec'". Each time I attempt to login, I get this error: No utmp entry. You must exec "login" from

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid

Hello, I was trying to build a chrooted sftp account when I faced a problem. The chroot is done with the patch present in the contrib subdirectory in the portable version (I'm under linux slackware current). My problem is that verifying access rights on directories and files are too tight and then I couldn't have the following things : The user sftp, with primary group sftp, is chrooted

I developed a better prototype quicker than I expected. Please provide feedback. It's been a few years since I've used autoconf, so I'm not certain the new defines were integrated correctly. Jason diff -r -C3 openssh-4.0p1/acconfig.h openssh-4.0p1.trix/acconfig.h *** openssh-4.0p1/acconfig.h Fri Feb 25 17:07:38 2005 --- openssh-4.0p1.trix/acconfig.h Thu May 12 10:32:25