similar to: [PATCH] Expand tilde for UNIX domain socket forwards.

When forwarding a Unix-domain socket, the remote socket path must be absolute (otherwise the forwarding fails later). However, guessing absolute path on the remote end is sometimes not straightforward, because the file system location may vary for many reasons, including the system installation, the choices of NFS mount points, or the remote user ID. To allow ssh clients to request remote socket

https://bugzilla.mindrot.org/show_bug.cgi?id=2601 Bug ID: 2601 Summary: StreamLocalBindUnlink not working Product: Portable OpenSSH Version: 7.2p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

Thanks for testing - are you able to see if there's anything in the server logs? I've just committed some extra verbosity in the client's log messages that might clarify where it is exiting (patch attached). -d On Fri, 29 Mar 2019, Adam Eijdenberg wrote: > On Wed, Mar 27, 2019 at 10:04 PM Damien Miller <djm at mindrot.org> wrote: > > > > OpenSSH 8.0p1 is almost

On Mon, 17 Aug 2015, Todd C. Miller wrote: > I like the idea but tilde_expand_filename() calls fatal() if it > cannot resolve ~foo. This is not terrible when using -L and -R on > the normal command line but it seems pretty harsh to exit when -L > or -R are used via the ~C escape or the streamlocal-forward at openssh.com > request. > Message-Id: <aea6cdc1d1b42d07 at

Just forwarding this changelog from yesterday. xcs now uses Unix domain sockets in unstable. This was a hot thread a couple months back with strong opinions on both sides and no clear resolution on the list, so I thought some people might like to know the developers'' resolution. This should be good news for those seeking tighter dom0''s, particularly those who

I just found a vulnerability in one of my web apps that was running Mongrel 1.1.2 where I could go to URIs like /.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/.%252e/etc/passwd and it would serve the actual /etc/passwd file. The issue seems to be in lib/mongrel/handlers.rb in the change from 1.0.3 to 1.0.4 req_path = HttpRequest.unescape(path_info) - if @path - req_path =

This adds support for systemd socket-based activation in the ssh-agent. When using socket activation, the -a flag value must match the socket path provided by systemd, as a sanity check. Support for this feature is enabled by the --with-systemd configure flag. --- Something tells me upstream would not be interested in this patch, but as it may be useful on linux, I'm submitting it here.

So, we just found some ugly behaviour of OpenSSH on Solaris. Sometimes, it seems, sshd gets started with SIGCHLD blocked, this, apparently, being the setting of sshd's parent (a shell no doubt); signal blocking is inherited across exec*(). I don't know exactly which shell, or what really is at fault, but it happens. The problem is that the code in collect_children() first blocks SIGCHLD

On Tue, 3 May 2016, Rogan Dawes wrote: > Hi Damien, > Thanks for the response! > > I tried moving the StreamLocalBindUnlink directive outside of the Match > rule, and it worked. But that doesn't explain why the Match was not > correctly setting the directive: > > This is running on an alternate port with -ddd: > > debug3: checking match for 'User

The Wine development release 2.0-rc2 is now available. What's new in this release (see below for details): - Bug fixes only, we are in code freeze. The source is available from the following locations: http://dl.winehq.org/wine/source/2.0/wine-2.0-rc2.tar.bz2 http://mirrors.ibiblio.org/wine/source/2.0/wine-2.0-rc2.tar.bz2 Binary packages for various distributions will be available

The Wine development release 3.9 is now available. What's new in this release (see below for details): - OpenGL core contexts enabled by default in Direct 3D. - Beginnings of Direct 3D 12 implementation using vkd3d. - More support for the Task Scheduler. - Some more Task Dialog support. - Better arrow support in GdiPlus. - Various bug fixes. The source is available from the

Hello, I manage OpenSSH on a dozen or so servers that act as gateways for a large amount of developers and system administrators. On these servers it is common for there to be more than 1000 active X11 forwards active at peak usage. Beyond ~1000 active X11 forwards, sshd will fail to bind additional ports due to a hard coded range check in channels.c that limits the port range that sshd will

Hi, The name of the identity file defaults to what fill_default_options() in readconf.c does: SSH_PROTO_1: "~/%.100s", _PATH_SSH_CLIENT_IDENTITY SSH_PROTO_2: "~/%.100s", _PATH_SSH_CLIENT_ID_RSA "~/%.100s", _PATH_SSH_CLIENT_ID_DSA Identity files are always expanded by tilde_expand_filename() which gets the name of the home directory from

https://bugzilla.mindrot.org/show_bug.cgi?id=2481 Bug ID: 2481 Summary: Tilde expansion in -i option inconsistent Product: Portable OpenSSH Version: 6.6p1 Hardware: All OS: Linux Status: NEW Severity: trivial Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org

Hi, OpenSSH 8.0p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

Hi, getpwuid is called as seen in the patch, and is then called again indirectly by tilde_expand_filename without first copying off the results from the first call. This is fatal on MacOSX (and it would seem it should be fatal elsewhere, too). Please CC me in replies; I'm not a subscriber. --- openssh-4.4p1/ssh.c 2006-09-01 22:32:40.000000000 -0700 +++ openssh-4.4p1-fix/ssh.c

http://bugzilla.mindrot.org/show_bug.cgi?id=623 Summary: ssh, ssh-keygen and possibly others do not honour $HOME Product: Portable OpenSSH Version: 3.6.1p2 Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: openssh-bugs at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1377 Summary: getpwuid called twice without pwcopy (percent_expand: NULL replacement) Classification: Unclassified Product: Portable OpenSSH Version: 4.4p1 Platform: ix86 OS/Version: Mac OS X Status: NEW Severity: major Priority: P2

Hello, we've run a coverity scan on the openssh sources and it found several issues. Although the scan was run on patched rhel sources, some results are applicable to vanilla sources too. * servconf.c:1458:dead_error_line ? Execution cannot reach this statement "*intptr = *intptr + 1;" --- a/servconf.c +++ b/servconf.c @@ -1451,12 +1451,8 @@

Hi, I saw in archive that some people made a patch to sftp-server, and that patch sets a root path. I'd like to know if there's an ideia to apply that patch in main tree of openssh? With the use of SSHFS [wich uses sftp-server], it would be interesting to have someting like that, because as we have netboot workstations, the access to devices [such as, floppy, cdrom and usb data] are