similar to: sshd and pam_winbind (Samba)

Hello. I have discovered that mongrel does not correctly take on all the groups of the requested user/group combination. It seems that while the specified user and group is correctly activated, all the other groups that are associated with this user are not enabled and the group permissions remain the same as the caller (i.e. root). This problem (and solution) is discussed in the Ruby Forum:

Small respin of the patches that I posted a few days ago. The main difference is the reordering of the series to make it do the group and grouplist manipulation first, and then the patch that makes it grab the KRB5CCNAME from the initiating process. I think the code is sound, my main question is whether we really need the command-line switch for this. Should this just be the default mode of

Apologies for v3 series, I had some extra patches in there. This is the one that should have been sent. Relabeled as v4 for clarity. Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid

Third respin of this series. Reordered for better safety for bisecting. The environment scraping is now on by default, but can be disabled with "-E" in environments where it's not needed. Also, I've added a patch to make cifs.upcall drop capabilities before doing most of its work. This may help reduce the attack surface of the program. Jeff Layton (4): cifs.upcall: convert

Package: logcheck-database Version: 1.2.33 Severity: normal I just installed 1.2.33, and it made my rules dirs setuid, not setgid... - Marc -- System Information: Debian Release: 3.1 APT prefers testing APT policy: (900, 'testing'), (300, 'unstable') Architecture: i386 (i686) Kernel: Linux 2.6.8-1-k7 Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1) Versions of

https://bugzilla.mindrot.org/show_bug.cgi?id=1412 Summary: Support for users in more than 16 groups on Mac OS X. Classification: Unclassified Product: Portable OpenSSH Version: 4.7p1 Platform: Other OS/Version: Mac OS X Status: NEW Severity: normal Priority: P2 Component: scp AssignedTo:

Hi, I installed 3.0.2p1 on our Solaris 8 systems this week (new to ssh), and when I look at the process list for sshd, I see: root 14547 1 0 10:35:29 ? 0:00 /opt/openssh/sbin/sshd root 14548 14547 0 10:35:36 ? 0:01 /opt/openssh/sbin/sshd Process 14547 is the deamon listening on port 22, but process 14548 is my connection from elsewhere. I consider it a design

Hello Porters, I am attempting to compile OpenSSH 2.9.9p2 on a Dynix V4.4.4 host. I have set USE_PIPES and BROKEN_SAVED_UIDS (the latter because there are no functions for set{eu,eg}id() that I can find). I configured with "./configure '--with-libs=-lnsl -lsec'". Each time I attempt to login, I get this error: No utmp entry. You must exec "login" from

The attached patch adds an option --drop-suid which caused rsync to drop setuid/setgid permissions from the destination files. ie, even if the source file is setuid, the target file will not be. Added as we want to rsync the same files to machines both inside and outside our firewalls. For machines inside the firewall some files should be suid, for machines outside the firewalls they should

Hi OpenSSH developers, I'm using OpenSSH on a daily basis and I'm very pleased with the work you've done. I am contributing to some Open Source software hosted at Savannah https://savannah.nongnu.org/projects/tsp and we recently hit some sftp unexpected behavior: https://savannah.gnu.org/support/?105838 when using chmod sftp client command it appears that setuid / setgid bits are

It has come to my attention that there are quite a few local exploits circling around in the private sector for GID Games. Several of the games have vanilla stack overflows in them which can lead to elevation of privileges if successfully exploited.

https://bugzilla.mindrot.org/show_bug.cgi?id=1893 Summary: change ssh-keisign to setgid from setuid Product: Portable OpenSSH Version: 5.8p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: Miscellaneous AssignedTo: unassigned-bugs at mindrot.org

Hi all, I've just upgraded my old Solaris 10 update 8 to Solaris 10 update 11 with the latest patches, but after the reboot with the new update I'm having a lot of problems with dovecot. My version is 2.2.13 ( it was the last one, at the time of the first server setup ). I have seen that ( it seems ) the new solaris don't honour the LD_LIBRARY_PATH. The first error was a

Hi List, The Samba Howto Collection http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/AccessControls.html#id2611229 says: "When the set user or group ID bit (s) is set on a directory, then all files created within it will be owned by the user and/or group whose `set user or group' bit is set. " while i cannot repoduce this behavior the wikipedia says:

A Debian developer had this to say: > >> Files in the above dir are group mail, and the dir is group mail. However, > > > all binaries in /usr/lib/dovecot are root/root. I have set them all to g+s, > > > and group mail, and now the imap process can lock the INBOX. > > > > > imap should be the only one that needs to be setgid mail. > > Actually,

On 12/28/2016 01:43 AM, John Fawcett wrote: > On 12/28/2016 01:12 AM, Robert Moskowitz wrote: >> >> On 12/27/2016 07:06 PM, John Fawcett wrote: >>> On 12/28/2016 12:34 AM, Robert Moskowitz wrote: >>>> On 12/27/2016 05:44 PM, John Fawcett wrote: >>>>> That error should be caused by having MultiViews options but incorrect >>>>>

Chad reported that he was seeing a regression in cifs-utils-6.6. Prior to that, cifs.upcall was able to find credcaches in non-default FILE: locations, but with the rework of that code, that ability was lost. Unfortunately, the krb5 library design doesn't really take into account the fact that we might need to find a credcache in a process that isn't descended from the session. When the

Hi, I installed a Emailserver based on Debian Sarge, exim (4.50-8sarge2) and dovecot (1.0.rc2-1bpo1). Delivering Mails with Exim to my Maildir works fine. Because I want to filter my messages with Sieve, I tried to deliver mails with deliver, but get the following error message (example with a testmail and user "Debian-exim", not delivered via Exim): --8<-- dovecot: 2006-09-19

Hi, ? Did anyone tried static build of asterisk 1.6 version? Installation fails when tried with static build. warning: Using 'initgroups' in statically linked applications requires at runtime the shared libraries from the glibc version used for linking asterisk.o: In function `cli_prompt': warning: Using 'getgrgid' in statically linked applications requires at runtime the