similar to: How to achieve proper privilege separation?

I've recently hit a bug after updating pam, while pam-ssh passphrase authentication become enabled. Dovecot-auth crashes as users having private a key stored in .ssh try to log in. I have a gentoo system with dovecot-1.1.7 installed. PAM: 1.1.0. Gentoo Bug: http://bugs.gentoo.org/show_bug.cgi?id=274924 Regards, Dw. -- dr T?th Attila, Radiol?gus, 06-20-825-8057, 06-30-5962-962 Attila Toth

A non-text attachment was scrubbed... Name: openssh-setcred.patch Type: text/x-patch Size: 2735 bytes Desc: PAM and Kerberos Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040527/d7678ac6/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: openssh-pam-privsep.patch Type: text/x-patch Size: 1171 bytes Desc: GSSAPIAuth PAM and

http://bugzilla.mindrot.org/show_bug.cgi?id=382 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From markus at openbsd.org 2002-09-11

FWIW, after patching the mmap issue, openssh still doesn't work on linux kernel 2.0.39 (+ patches): sshd[22202]: fatal: mm_receive_fd: expected type 1 got 2355841 I didn't dig deeper into it yet, but I believe 2.0 kernel does not support the kind of recvmsg() use privsep expects. -- v -- v at iki.fi

When the unprivileged child has chrooted it can no longer open /etc/resolv.conf, so if the resolver hasn't yet initialized itself then dns lookups will not be possible. This is unfortunately what normally happens, but sshd falls back gracefully. There are a couple of wrinkles: the resolver will typically try talking to a nameserver on the local host by default (using INADDR_ANY rather than

http://bugzilla.mindrot.org/show_bug.cgi?id=319 Summary: Privilege Separation failing on OSF1 v5.1 Product: Portable OpenSSH Version: -current Platform: Alpha OS/Version: OSF/1 Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-unix-dev at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=319 ------- Additional Comments From mouring at eviladmin.org 2002-06-29 02:59 ------- Created an attachment (id=120) Sounds like an SIA issue w/ privsep. Does this fix it? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=327 Summary: monitor_fdpass.c: Expected 1 got 1075033556 - Privilege Separation Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P2 Component: Miscellaneous AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=331 Summary: ssh w/o privilege separation does not work for non-root users Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: Linux Status: NEW Severity: major Priority: P3 Component: ssh AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=331 ------- Additional Comments From norbert.bladt at t-systems.ch 2002-07-03 17:34 ------- Forgot to mention the kernel version: 2.2.14-5.0, sorry. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Is this a known problem? Niels. ----- Forwarded message from Judah Levine <jlevine at utcnist.colorado.edu> ----- Date: Fri, 5 Jul 2002 08:58:46 -0600 (MDT) From: Judah Levine <jlevine at utcnist.colorado.edu> To: provos at citi.umich.edu Subject: Privilege separation Hello, I have just installed openssh-3.4p1 on a COMPAQ/DEC/HP Alpha running True64 UNIX v4.0F. The privilege

http://bugzilla.mindrot.org/show_bug.cgi?id=331 ------- Additional Comments From djm at mindrot.org 2002-09-10 22:11 ------- Are there any messages left in the log on the server end? ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=331 ------- Additional Comments From djm at mindrot.org 2003-01-07 18:23 ------- 3 months, no followup == no bug ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Hello all, I have a question about the design of the privilege separation aspect of openSSH. From what I understand, the interface between the privileged process and the unprivileged one is implemented as a set of well-defined operations with only a small subset of these operations enabled at any given time. These operations are enabled and disabled depending on the task at hand. What I am

http://bugzilla.mindrot.org/show_bug.cgi?id=327 ------- Additional Comments From jmknoble at pobox.com 2002-07-02 04:11 ------- Could you please check the error message again? Is it: mm_receive_fd: recvmsg: expected received 1 got nnnnnnnn or is it this: mm_receive_fd: expected type 1 got nnnnnnnn ? Those are two different problems, within a few lines of each other. The exact text

http://bugzilla.mindrot.org/show_bug.cgi?id=839 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Attachment #600 is|0 |1 obsolete| | ------- Additional Comments From dtucker at zip.com.au 2004-05-21 13:08 -------

To get BSM working on Solaris 8 with OpenSSH, I did this: Download John R. Jackson's OpenSSH 3.5p1 BSM patch here, and save as "patch.tar.gz": http://bugzilla.mindrot.org/show_bug.cgi?id=125 (NOTE TO OpenSSH DEVELOPERS, can you incorporate this patch into the next version of OpenSSH?) Installing the OpenSSH 3.5p1 BSM patch: ?-------------------------------------- Turning on Sun BSM

http://bugzilla.mindrot.org/show_bug.cgi?id=1105 markus at openbsd.org changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Privledge Separation |Privilege Separation ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the

Does someone understand this? I do not. Niels. ----- Forwarded message from laurent Protois <protois at ensea.fr> ----- Subject: NVIDIA and Privilege Separation From: laurent Protois <protois at ensea.fr> To: provos at citi.umich.edu X-Mailer: Ximian Evolution 1.0.7-1mdk Date: 10 Jul 2002 09:29:45 +0200 Hi Niels, i have a little problem with openssh 3.4 and Nvidia kernel driver:

http://bugzilla.mindrot.org/show_bug.cgi?id=1343 Summary: Privilege separation does not work on QNX Product: Portable OpenSSH Version: 4.6p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: bitbucket at mindrot.org ReportedBy: kraai at