Displaying 20 results from an estimated 600 matches similar to: "Might a patch to ssh-agent to allow relaxing of peer euid check be accepted?"
2002 Apr 02
0
[Bug 199] New: ssh-agent -k doesn't check $SHELL environment variable
http://bugzilla.mindrot.org/show_bug.cgi?id=199
Summary: ssh-agent -k doesn't check $SHELL environment variable
Product: Portable OpenSSH
Version: 3.1p1
Platform: All
OS/Version: All
Status: NEW
Severity: minor
Priority: P3
Component: ssh-agent
AssignedTo: openssh-unix-dev at mindrot.org
2023 Jun 17
2
[PATCH] ssh-agent: add systemd socket-based activation
This adds support for systemd socket-based activation in the ssh-agent.
When using socket activation, the -a flag value must match the socket
path provided by systemd, as a sanity check. Support for this feature is
enabled by the --with-systemd configure flag.
---
Something tells me upstream would not be interested in this patch, but
as it may be useful on linux, I'm submitting it here.
2007 Aug 21
1
ssh-agent security
ssh-agent is a great tool that is often misconfigured with respect to
agent forwarding. How many people running ssh-agent and doing a ssh
-A have the very same public keys in ~/.ssh/authorized_keys of the machine
they are coming from? ssh(1) is very clear in its warning about enabling
agent forwarding. The simple act of prompting the user before using the
key would enable them to determine
2006 Aug 28
0
patch for ssh-agent force confirm keys
Hi all
Patch adds flag -C to ssh-agent which will force
confirmation for any key added in agent (similar
to ssh-add -c)
Helps when forwarded agent authentication is used and
each key should be confirmed before use
catam
--- ssh-agent.c 2006-08-28 14:02:12.000000000 +0300
+++ ssh-agent.c.orig 2006-08-28 13:36:05.000000000 +0300
@@ -111,9 +111,6 @@
/* Default lifetime (0 == forever) */
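Review bot: the file headers are reversed, with the modified `ssh-agent.c` on the `---` side and `ssh-agent.c.orig` on the `+++` side, and the hunk header `@@ -111,9 +111,6 @@` shrinks the region from 9 lines to 6. Applied as posted, this would strip the -C changes from a patched tree rather than add them to a pristine one. Regenerate it with the original file first (`diff -u ssh-agent.c.orig ssh-agent.c`) so it applies forward.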
2007 Feb 23
1
ssh-agent does not immediately clean timeouted keys from memory
during my seminar of advanced exploitation techniques (SEAT, [1]) i
developed some methods to crack into system via DMA (e.g. via firewire).
as part of this i developed a program that steals loaded ssh private
keys from ssh-agents. i was astonished to find that the keys are not
immediately removed from the agent when a timeout occurs, but only the
next time the agent is queried via its socket. i
2002 Dec 18
2
patch for openssh3.5p1 - adds logging option
this patch adds a LogFile option to sshd_config. it just logs messages
directly to a file instead of stderr or syslog. the largest change
is an additional argument to log_init() in log.c for the log file name
(and then changes to the rest of the tools to add a NULL arg).
galt
diff -urN openssh-3.5p1-orig/log.c openssh-3.5p1/log.c
---
2012 Mar 11
2
[patch] Threading support in ssh-agent
Hi all!
I do not know openssh patch policy so I am just sending
the patch to the mailing list. Sorry for inconvenience.
Ssh-agent seems to be too slow if you need to access thousands of
servers. This is a simple patch to enable threading in ssh2 authentication.
Patch adds "-p numthreads" option and defaults to the number of processors.
I've tested it as I could, but
2013 Nov 24
0
[LLVMdev] [llvmdev] Specifying / modeling copying semantics in more detail
Dear All,
I've had a lot of progress on my 6502 family target, but I've hit a bit of
a stumbling block wherein some passes inadvertently cause malformed final
instruction listings. It's not necessarily llvm's fault, though. An example:
%a<def> = COPY %w04
asl_a_16_once %a<imp-def>, %n_flag<imp-def,dead>,
%z_flag<imp-def,dead>,
2000 Feb 08
0
Bug report and PATCH in ssh-agent in openssh 1.2.2
Dear folks,
system: RH 6.1 Linux on a PIII
software: installed binaries resulting from rpm --rebuild
openssh-1.2.2-1.src.rpm, downloaded from
http://the.wiretapped.net/security/cryptography/ssh/OpenSSH/files/openssh-1.2.2-1.src.rpm
problem program: ssh-agent
problem description:
When execute
ssh-agent startx -- -bpp 32
ssh-agent does not pass the -bpp 32 to startx.
Why problem exists:
2004 Oct 03
3
[PATCH] PreferAskpass in ssh_config
Moin,
attached is a patch, which adds a new configuration option
"PreferAskpass" to the ssh config.
ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if
this option is set to "yes", and if ssh-askpass is available.
Default for "PreferAskpass" is "no".
Patch is against current CVS.
Sebastian
--
signature intentionally left blank.
2013 Jan 18
0
users = virual + system (both with ldap backend) => Fatal: setgid(12(mail)) failed with euid=501(...
dear all
probably something trivial, just cannot get my way around
it, my goal is to get sieve on local-system users too, so
postfix hands lda over to dovecot
errors with mail for system users:
lda(me): Fatal: setgid(12(mail)) failed with euid=501(me),
gid=513(Domain Users), egid=513(
Domain Users): Operation not permitted (This binary should
probably be called with process group set to
2001 May 04
1
RSARhosts / Hostbased auth and euid=0 requirement
I'm not happy with ssh being setuid root. I know that the long-term goal is
to have a separate host-key-management process, but that is a ways off.
Until then, I'd like to propose the following:
- Allow ssh to read alternate key files.
This would allow the ssh client to use keyfiles different from the ones
sshd uses. I know that this can be done now by changing the ones sshd uses,
2005 Jul 19
1
dovecot(pam_unix)[13823]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost
I installed Dovecot on our FC3 sendmail server and get this from our Dallas office ( out of state to me ).
dovecot(pam_unix)[13823]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost
Only one Dallas user can get mail (pop3 or imap). All local users work fine.
I ended up going back to UW and all works fine.
What should I look for?
Thanks
2011 Aug 28
1
Dovecot service needs a second restart after boot - euid is not dir owner
After reboot dovecot service need a restart.
dovecot service starts as S99dovecot with only S99rc-local coming up.
After boot following error is filled up in dovecot.log
Aug 28 11:33:12 imap(vuser): Error: open(/home/fetchmail/mailroot/map/dovecot.index.log) failed: Permission denied (euid=500(vuser) egid=500(vuser) missing +r perm: /home/fetchmail/mailroot/map/dovecot.index.log, euid is not dir
2001 Sep 28
1
openssh-2.9.9p2 assumes pid_t, uid_t, etc. are not 'long'
openssh-2.9.9p2 assumes that pid_t, uid_t, gid_t, and mode_t are no
wider than int. GCC complains about this assumption on 32-bit Solaris
8 sparc, where these types are 'long', not 'int'. This isn't an
actual problem at runtime on this host, as long and int are the same
width, but it is a problem on other hosts where pid_t is wider than
int. E.g., I've heard that 64-bit
2011 Jul 17
2
openSSH 5.8p2 BindPort patch
Hi, i have written a patch for openSSH 5.8p2 which allows the user to
set the local source port. The patch is as follows:
diff -rupN openssh-5.8p2//readconf.c openssh-5.8p2-srcport//readconf.c
--- openssh-5.8p2//readconf.c 2010-11-20 04:19:38.000000000 +0000
+++ openssh-5.8p2-srcport//readconf.c 2011-07-17 20:57:52.385044096 +0100
@@ -125,7 +125,7 @@ typedef enum {
oGlobalKnownHostsFile2,
2009 Sep 30
4
deliver: Fatal: setgid(114) failed with euid=8, gid=8, egid=8: Operation not permitted
I'm calling 'deliver' from Postfix and in some cases from
Procmail.
I set this system up more than six months ago and it's been
working flawlessly until yesterday (16:52:19 local time) when
it, without any apparent reason, just stopped delivering mails!
Lots of checking and googling (I've forgotten how exactly I set up
the system :), I made 'deliver' SUID and it worked
2011 Feb 03
1
EUID not changing when delivering to a mailbox
Hello,
I've set up virtual mailboxes and I'm using one uid/gid pair
(mail/mail) to deliver almost all messages. Some accounts I'd like to
have accessible by local Linux accounts as well, so postfix is
delivering them using separate uids (gid stays the same). But I run
into a problem when dovecot auth correctly fetches uid/gid from MySQL
database, but still uses general mail
2010 Sep 20
1
[PATCH] Fix error launching libguestfs when euid != uid
When writing to a RHEV target, virt-v2v launches the libguestfs appliance with
euid:egid = 36:36, which is required to write to an NFS target using
root_squash. Since the update to use an febootstrap cached appliance, this
causes an error on startup as the cached files are owned by root, but the cache
directory is owned by 36:36. The reason for this is that execve() resets euid
and egid to uid and
2019 Feb 07
0
"sieve: failed to store into mailbox 'Junk': Read-only mbox" over root_squashed NFS, lmtp : euid/egid set and access() don't mix together for me
Hi,
I try to migrate an old fashioned mailsystem to Debian 9.7 / dovecot
2.2.7. I "have" to cope with mbox for now. I try to get rid of Sun OS
5.9 sendmail before mbox to mdbox migration (I'm fine if you laugh
loudly ^^). Intended setup : 2 VM with exim (smtp in, smtp out roughly),
3 VM with dovecot (mbox, maildir, testbed), 1 VM with IMAP proxy and
LMTP proxy.
doveconf -n is