Displaying 20 results from an estimated 300 matches similar to: "[patch] Incorrect umask in FreeBSD"
2002 Jun 25
3
BSD/OS with privsep
I need this for BSD/OS 4.2 + privsep
perhaps we should not call do_setusercontext() after
chroot().
--- sshd.c.orig Fri Jun 21 03:09:47 2002
+++ sshd.c Tue Jun 25 13:11:03 2002
@@ -548,21 +548,35 @@
/* Change our root directory*/
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
strerror(errno));
if
2006 Apr 27
0
bug in OpenSSH_4.3p2: pam_open_session() called but not close for root users
For root sessions pam_open_session is called, but not pam_close_session.
sshd behavior is broken for root logins because if pam session
is run from the child, close is never called due to exec:
on open
since use_privsep is not set, parent calls do_exec_pty(),
which does not open session. then, it skips calling do_setusercontext(),
so it does not open session.
child calls
2000 Feb 27
0
[PATCH] Fix login.conf, expiration, BSD compatibility in OpenSSH
This patch revive almost all login.conf and password/account expiration
features, makes OpenSSH more FreeBSD login compatible and fix non-critical
memory leak.
Please review and commit.
--- sshd.c.old Fri Feb 25 08:23:45 2000
+++ sshd.c Sun Feb 27 02:53:33 2000
@@ -37,9 +37,8 @@
#endif /* LIBWRAP */
#ifdef __FreeBSD__
-#include <libutil.h>
-#include <syslog.h>
#define LOGIN_CAP
2003 Sep 23
1
3.7.1p1 appears to break pam session.
Hi,
I am running FreeBSD 4.7 and openssh 3.7.1p1. I have enabled
PAM usage and indeed, I can use PAM for authentication purposes.
Since configure does login_cap.h, the preprocessor is side stepping
do_pam_session()
altogether in session.c:do_setusercontext().
Here is my patch for session.c. My understanding about
portability issues is rather limited. I would very much appreciate if
you
2002 Jun 25
0
[Bug 298] New: sshd fails to set user context, preventing all logins, also setgroups is failing
http://bugzilla.mindrot.org/show_bug.cgi?id=298
Summary: sshd fails to set user context, preventing all logins,
also setgroups is failing
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: BSDI
Status: NEW
Severity: major
Priority: P2
Component: sshd
2024 Jul 30
11
[Bug 3715] New: safely_chroot is a little too restrictive: noexec or nosuid should be enough
https://bugzilla.mindrot.org/show_bug.cgi?id=3715
Bug ID: 3715
Summary: safely_chroot is a little too restrictive: noexec or
nosuid should be enough
Product: Portable OpenSSH
Version: 9.8p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2000 Oct 07
0
OpenSSH changes for BSD/OS
The following are patches against openssh 2.1.1p4 to add
support for the BSD_AUTH authentication mechanisms. It allows the
use of non-challenge/response style mechanisms (which styles are
allowed my be limited by appropriate auth-ssh entries in login.conf).
The patches also add support for calling setusercontext for the
appropriate class when called with a command (so that the PATH, limits,
2001 Feb 16
1
OpenSSH 2.3.0p1 port to BSDI BSD/OS
BSD/OS 4.2 comes with OpenSSH 2.1.1p4, patched to support BSDI's
authentication library. However, BSDI's patches have several
problems:
1. They don't run the approval phase, so they can allow users to login
who aren't supposed to be able to.
2. They don't patch configure to automatically detect the BSDI auth
system, so they're not ready to use in a general portable
2001 Jul 20
0
Updated chroot patch
This is the patch part of contrib/chroot.diff updated to be appliable
against openssh-2.9p2. Tested on FreeBSD (various 3.x and 4.x) without
PAM or UseLogin.
Also, as part of deployment (replacing emergency-withdrawal of Telnet
access) I've chosen to get sftp on the relevant boxes. The deployment
had a scriptlet doing the config/make/etc and after the "make install"
would change
2002 Jun 26
4
[Bug 298] sshd fails to set user context, preventing all logins, also setgroups is failing
http://bugzilla.mindrot.org/show_bug.cgi?id=298
------- Additional Comments From sshbugs at wayne47.com 2002-06-26 11:05 -------
Problem appears to be that setusercontext is being called after a chroot.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
2002 Nov 26
0
[Bug 446] New: $LOGIN not set by openssh under AIX
http://bugzilla.mindrot.org/show_bug.cgi?id=446
Summary: $LOGIN not set by openssh under AIX
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: AIX
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: mii at
2002 Jul 04
4
Chroot patch (v3.4p1)
The following is a patch I've been working on to support a "ChrootUser"
option in the sshd_config file.
I was looking for a way to offer sftp access and at the same time restict
interactive shell access. This patch is a necessary first step (IMO).
It applies clean with 'patch -l'.
Also attached is a shell script that helps to build a chrooted home dir on
a RedHat 7.2
2008 Nov 05
1
openssh on interix
Hi openssh developers,
I'm trying to port openssh to Interix. See [1] for more on this.
For Interix sshd needs to be patched to not use setuid()/setgid(), but
an Interix specific function setuser(). See [2] why it is needed.
Unfortunately, setuser() needs the clear-text password of the user to
be fully functional (If you use password-less setuser(), then the
user doesn't have network
2000 Aug 23
14
Test snapshot
I have just tarred up a snapshot and uploaded it to:
http://www.mindrot.org/misc/openssh/openssh-SNAP-20000823.tar.gz
The snapshot incorporates the last month's fixes and enhancements from
the openssh-unix-dev mailing list and from the OpenBSD developers.
In particular:
- ssh-agent and ssh-add now handle DSA keys. NB. this does not interop
with ssh.com's ssh-agent. (Markus Friedl)
2002 Sep 11
1
tru64 sia: move call of session_setup_sia() to do_setusercontext(), letting grantpty() and friends handle pty perms
Hi-
Under privsep, I experimented with moving the session_setup_sia() out of
do_child() and into do_setusercontext(), which is where the uids/gids are set
to the final execution user. The call is made with a NULL tty, and this
is functional provided that any later pty allocation uses grantpty() to
set the device permissions. Logging in with this method shows that a utmp
entry does get made for
2018 Nov 29
2
Where to implement user limit settings ?
Hello,
I'm trying to implement setting of user limits (ulimit) in sshd. I'm
not using PAM so I need it in the sshd itself. The task is very simple -
just to put one line calling setup_limits(pw); and link with -lshadow.
But the problem is, where to put this line. I did it in session.c,
in do_child(), like this:
#ifdef HAVE_OSF_SIA
session_setup_sia(pw, s->ttyfd == -1 ? NULL
2016 May 23
0
Re: [PATCH] umask: Use /proc/<PID>/status to read umask in Linux >= 4.7.
On Mon, May 23, 2016 at 12:12:21PM +0300, Roman Kagan wrote:
> On Sat, May 21, 2016 at 01:14:40PM +0100, Richard W.M. Jones wrote:
> > + path = safe_asprintf (g, "/proc/%d/status", getpid ());
>
> Why not "/proc/self/status"?
Hmm indeed why not :-(
I will fix it ...
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read
2016 May 21
1
[PATCH] umask: Use /proc/<PID>/status to read umask in Linux >= 4.7.
Since Linux 4.7, the process umask is available in /proc/<pid>/status.
See:
https://github.com/torvalds/linux/commit/3e42979e65dace1f9268dd5440e5ab096b8dee59
Use this value if available, else fall back to the existing codepath
for Linux <= 4.6 and other Unix.
---
src/umask.c | 86 +++++++++++++++++++++++++++++++++++++++++++++++++++++++------
1 file changed, 78 insertions(+), 8
2004 Aug 23
8
[Bug 918] ssh_gssapi_storecreds called to late to be usable by PAM in sesion.c
http://bugzilla.mindrot.org/show_bug.cgi?id=918
Summary: ssh_gssapi_storecreds called to late to be usable by PAM
in sesion.c
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: PAM support
AssignedTo:
2003 Jan 09
1
[PATCH] Allow multiple accounts on Windows 9x/Me
Hi,
the following patch by Pierre A. Humblet <Pierre.Humblet at ieee.org>
allows to use more than one uid on 9x/Me boxes which is currently
blocked due to the behaviour of Cygwin's security code. After this
patch is applied to sshd, we can safely change the affected code in
Cygwin.
Thanks,
Corinna
Index: session.c
===================================================================