Displaying 20 results from an estimated 2000 matches similar to: "Question about a recent change to uidswap.c in the portability snapshot"
2004 Sep 22
1
[PATCH] permanently_set_uid: Don't try restoring gid on Cygwin
Hi,
the below patch solves the same problem for gids as has already been
solved for uids. Windows has no concept of permanently changing the
identity. It's always possible to revert to the original identity.
Thanks,
Corinna
Index: uidswap.c
===================================================================
RCS file: /cvs/openssh_cvs/uidswap.c,v
retrieving revision 1.44
diff -p -u -r1.44
2003 Sep 16
2
[PATCH] permanently_set_uid fails on Cygwin :-(
Hi,
I'm terribly sorry that I missed this before 3.7p1 was out. The
permanently_set_uid() function fails on Cygwin since the test to
revert to the saved uid unfortunately works on Cygwin though it
shouldn't. The reason is that a Windows NT process always can
revert to its previous privileges. There's no such concept of
giving up rights in a process permanently. This is only
2004 Aug 27
2
OpenSSH-3.9p1 permanently_set_uid behavior on Linux
Aloha,
I'm curious about the following code at line 203 in uidswap.c:
/* Try restoration of GID if changed (test clearing of saved gid) */
if (old_gid != pw->pw_gid &&
(setgid(old_gid) != -1 || setegid(old_gid) != -1))
fatal("%s: was able to restore old [e]gid", __func__);
This causes permanently_set_uid to fail in the following case:
$ su
Password: ????????
#
2004 Aug 29
0
uidswap.c breaks ssh when originating user is root
EHLO,
Somehow I don't think it makes any sense to test whether the
gid/egid can be changed, if the original uid happened to be
root. Root can always change the gid/egid anyhow.
So, I would like to propose the following change to 3.9p1...
--- uidswap.c.orig Sun Aug 29 15:43:57 2004
+++ uidswap.c Sun Aug 29 15:44:05 2004
@@ -201,7 +201,7 @@
#endif
/* Try restoration of GID if
2006 Apr 11
1
[Bug 1182] uid 0, gid !=0 fools defensive check in uidswap.c
http://bugzilla.mindrot.org/show_bug.cgi?id=1182
Summary: uid 0, gid !=0 fools defensive check in uidswap.c
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P4
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy:
2001 Apr 04
2
[follow-up/fix] openssh 2.5.2p2 not allowing RSA authentication
the stat() on which file?
On Wed, Apr 04, 2001 at 02:06:56PM +0200, Jan Just Keijser wrote:
> hmmm, I found the problem and managed to fix it, but I am not sure if this
> isn't broken:
>
> using gdb, I found that sshd fails to stat the 'authorized_keys' files,
> which was in /local/home/janjust/.ssh/authorized_keys. Here were the
> permissions for the directories
2001 Oct 08
2
Porting OpenSSH 2.9.9p2 to Dynix V4.4.4
Hello Porters,
I am attempting to compile OpenSSH 2.9.9p2 on a Dynix V4.4.4 host.
I have set USE_PIPES and BROKEN_SAVED_UIDS (the latter because there are
no functions for set{eu,eg}id() that I can find). I configured with
"./configure '--with-libs=-lnsl -lsec'".
Each time I attempt to login, I get this error:
No utmp entry. You must exec "login" from
2002 May 16
3
uidswap
All,
Could someone explain the purpose of the uidswap functions with
respect to ssh ( the client ). From what I gathered , ssh installs as
setuid root and swaps ids when reading potential key files that may be read
only by root. Also , I think when binding to a privileged port ssh swaps
id. Is that so? What are the consequnences if you do not install ssh setuid
root? ( As far I as know no uid
2001 Apr 25
0
NeXT // Broken _POSIX_SAVED_ID patch
Ok, for those running NeXT and other platforms with broken/missing
_POSIX_SAVED_ID please try this patch, and anyone that has spent any
amount of time dealing with this problem.
I believe it's right.
BTW, this patch is no where near as big as it looks. The patch was
done against an earily version of the tree which had an issue with
white space.
- Ben
--- ../openssh/uidswap.c Sun Apr 22
2005 May 12
0
[PATCH] Trusted IRIX Support
I developed a better prototype quicker than I expected.
Please provide feedback. It's been a few years since I've used autoconf,
so I'm not certain the new defines were integrated correctly.
Jason
diff -r -C3 openssh-4.0p1/acconfig.h openssh-4.0p1.trix/acconfig.h
*** openssh-4.0p1/acconfig.h Fri Feb 25 17:07:38 2005
--- openssh-4.0p1.trix/acconfig.h Thu May 12 10:32:25
2005 Jan 05
2
changing group for root
Hello All,
The changing of group for the root results in the following message with
OpenSSH 3.9p1
"permanently_set_uid: was able to restore old [e]gid"
The following change in uidswap.c fixes me the problem.
/* Try restoration of GID if changed (test clearing of saved gid) */
- if (old_gid != pw->pw_gid &&
+ if(getgid() != pw->pw_gid &&
(setgid(old_gid)
2001 Oct 08
1
Ported OpenSSH 2.9.9p2 to Dynix
Hello Porters,
I've finally (thanks to Wendy Palm of Cray) ported OpenSSH to
Dynix v4.4.4. I had to make sure that "UseLogin" was set to "no" in the
sshd_config file. Also, here are the old-style contextual diffs (obtained
with 'diff -c' on the Dynix box) of the two files I had to change:
*** configure Sat Jun 16 17:09:50 2001
--- configure.new Mon Oct 8
2020 Oct 22
0
UID/GID CentOS 6 to CentOS 7
> Hi,
>
> we are upgrading some servers from C6 to C7 with a lot of user accounts
> on them (UID>=500).
> CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
>
> Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I
> could just grep the users out from passwd/shadow/group files and append
> them to the Centos7 passwd/shadow/group files.
2001 Apr 22
1
relaxing access rights verifications
Hello,
I was trying to build a chrooted sftp account when I faced a problem. The
chroot is done with the patch present in the contrib subdirectory in the
portable version (I'm under linux slackware current).
My problem is that verifying access rights on directories and files are too
tight and then I couldn't have the following things :
The user sftp, with primary group sftp, is chrooted
2005 Feb 19
0
[PATCH]: uidswap.c: Drop uid 0 check on Cygwin
Hi,
the below patch drops another test for uid 0 on Cygwin. It's embarassing
that I never found it. Actually temporarily_use_uid never worked on
Cygwin due to that.
So far that had no influence, but now that we have activated another
feature which makes Cygwin more POSIX-like, somebody on the Cygwin list
found that agent forwarding didn't work anymore. The reason is that
due to the
2020 Oct 22
6
UID/GID CentOS 6 to CentOS 7
Hi,
we are upgrading some servers from C6 to C7 with a lot of user accounts
on them (UID>=500).
CentOS 7 has MIN_UID/MIN_GID 1000, Centos 6 has 500 in login.defs.
Can I change in /etc/login.defs MIN_UID/MIN_GID to 500 for C7? So I
could just grep the users out from passwd/shadow/group files and append
them to the Centos7 passwd/shadow/group files.
Can this do any damage to CentOS7 later
2002 Jun 25
3
BSD/OS with privsep
I need this for BSD/OS 4.2 + privsep
perhaps we should not call do_setusercontext() after
chroot().
--- sshd.c.orig Fri Jun 21 03:09:47 2002
+++ sshd.c Tue Jun 25 13:11:03 2002
@@ -548,21 +548,35 @@
/* Change our root directory*/
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));
if
2001 Feb 21
2
SCO 5.0.5 setluid patch
I downloaded openssh-2.5.1p1 as soon as it was on the ftp servers just
to get the setluid patch. After compiling and installing on 5.0.5 I saw
that the luid still wasn't being set correctly whether sshd was run from
inetd or as a daemon from /etc/rc2.d/. I fiddled around and moved the
setluid() stuff up higher in session.c and now luid is now being set
correctly. I provided a regular diff
2004 Jan 30
0
[PATCH] Group mapping primary group SID update
Hi all !
This is a patch for Group mapping bug #1 reported here :
http://lists.samba.org/archive/samba-technical/2004-January/034057.html
It activates users' primary group SID update when adding/modifying/deleting a
group mapping. It patches utils/net_groupmap.c (net_groupmap_add,
net_groupmap_modify, net_groupmap_delete) and can be applied to samba-3.0.2rc1.
net_groupmap_add :
Scan users
2001 Sep 28
1
openssh-2.9.9p2 assumes pid_t, uid_t, etc. are not 'long'
openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no
wider than int. GCC complains about this assumption on 32-bit Solaris
8 sparc, where these types are 'long', not 'int'. This isn't an
actual problem at runtime on this host, as long and int are the same
width, but it is a problem on other hosts where pid_t is wider than
int. E.g., I've heard that 64-bit