similar to: [PATCH -next] xen: fix header export to userspace

changeset: 30726:2a6fda4e7dde1a0a5d29a62303e85bcea868eb47 tag: tip user: Jimi Xenidis <jimix@watson.ibm.com> date: Thu Jul 13 11:51:38 2006 -0400 files: drivers/xen/privcmd/Makefile drivers/xen/privcmd/compat_privcmd.c fs/compat_ioctl.c include/xen/public/privcmd.h description: [ppc] ioctl32() compat plumbing for xen calls The following patch deals with xen

I'm curious as to whether or not there is a way to restrict forwarded ports server side. For instance, I'm running an IRC server and am allowing users to connect via ssh forwarding (so I can take advantange of using openssh's public key method for authentication). Each client I tell to setup their ~/.ssh/config in a certain way, but the relevant line is: LocalForward 6667

When we use this pointer, we cast away the const modifier and modify the data. I think it was an accident to declare it as const. Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com> diff --git a/include/xen/privcmd.h b/include/xen/privcmd.h index a853168..58ed953 100644 --- a/include/xen/privcmd.h +++ b/include/xen/privcmd.h @@ -69,7 +69,7 @@ struct privcmd_mmapbatch_v2 {

When we use this pointer, we cast away the const modifier and modify the data. I think it was an accident to declare it as const. Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com> diff --git a/include/xen/privcmd.h b/include/xen/privcmd.h index a853168..58ed953 100644 --- a/include/xen/privcmd.h +++ b/include/xen/privcmd.h @@ -69,7 +69,7 @@ struct privcmd_mmapbatch_v2 {

Greetings, cvsup.uk.FreeBSD.org is outdated. I know this is not the proper list, but which one is? -- Best Wishes, Stefan Lambrev ICQ# 24134177

There are a couple of niggles with the sandboxing of the unprivileged child in the privsep code: the empty directory causes namespace pollution, and it requires care to ensure that it is set up properly and remains set up properly. The patch below (against the portable OpenSSH, although the patch against the OpenBSD version is very similar) replaces the fixed empty directory with one that is

On Thu, 2005-06-16 at 06:17 +0100, Keir Fraser wrote: > > I suggested that we simply mmap /dev/kmem for the xenstored to access > > the domain0 page for the moment. That doesn''t work: we''ll do something > > else. > > Just use xc_map_foreign_range(), as you would for mapping any other > domain''s xenstore page. So here''s my patch

put_user() may fail. In this case propagate error code from privcmd_ioctl_mmap_batch(). Signed-off-by: Vasiliy Kulikov <segooon at gmail.com> --- Compile tested. drivers/xen/xenfs/privcmd.c | 8 ++------ 1 files changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/xen/xenfs/privcmd.c b/drivers/xen/xenfs/privcmd.c index f80be7f..2eb04c8 100644 ---

put_user() may fail. In this case propagate error code from privcmd_ioctl_mmap_batch(). Signed-off-by: Vasiliy Kulikov <segooon at gmail.com> --- Compile tested. drivers/xen/xenfs/privcmd.c | 8 ++------ 1 files changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/xen/xenfs/privcmd.c b/drivers/xen/xenfs/privcmd.c index f80be7f..2eb04c8 100644 ---

There are a couple of races in sftp-server as this patch shows: --- sftp-server.c 28 Jan 2003 18:06:53 -0000 1.1.1.2 +++ sftp-server.c 5 Feb 2003 19:19:42 -0000 @@ -832,19 +832,22 @@ process_rename(void) { u_int32_t id; - struct stat st; char *oldpath, *newpath; - int ret, status = SSH2_FX_FAILURE; + int status; id = get_int(); oldpath = get_string(NULL); newpath = get_string(NULL);

If m.num is too large then the "m.num * sizeof(*m.arr)" multiplication could overflow and the access_ok() check wouldn't test the right size. Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com> --- Only needed in linux-next. diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c index 215a3c0..fdff8f9 100644 --- a/drivers/xen/privcmd.c +++ b/drivers/xen/privcmd.c

If m.num is too large then the "m.num * sizeof(*m.arr)" multiplication could overflow and the access_ok() check wouldn't test the right size. Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com> --- Only needed in linux-next. diff --git a/drivers/xen/privcmd.c b/drivers/xen/privcmd.c index 215a3c0..fdff8f9 100644 --- a/drivers/xen/privcmd.c +++ b/drivers/xen/privcmd.c

We have a system on which users are given a very restricted environment (their shell is a menu) where they should not be able to run arbitrary commands. However, because their shell is not statically linked, ld.so provides a nice clutch of holes for them to exploit. The patch below adds a new configuration option to sshd which quashes their attempts to set LD_PRELOAD etc. using ~/.ssh/environment

Here's another patch for people providing ssh access to restricted environments. We allow our users to use port forwarding when logging into our mail servers so that they can use it to fetch mail over an encrypted channel using clients that don't support TLS, for example fetchmail. (In fact, fetchmail has built-in ssh support.) However we don't want them connecting to other places

http://bugzilla.mindrot.org/show_bug.cgi?id=1349 Summary: race condition with ControlMaster=auto Product: Portable OpenSSH Version: 4.6p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: dot at dotat.at

Hello, We are using the AllowUsers feature of sshd and would like to control which users can ask for forwarding of which ports. E.g. when the user is foo, allow him to tunnel connections to bar:5678 and baz:7654, but no shell (or some dummy shell) and no other forwardings. Is such feature planned for the future? Would you accept such patch in the mainstream distribution? I would appreciate Cc:

Package: libxen-dev Version: 3.2.0-2 Severity: wishlist Tags: patch Hi, libvirt needs privcmd.h to build. Please apply. Thanks for building a libxen-dev package, -- Guido Index: xen-3-3.2.0/debian/libxen-dev.install =================================================================== --- xen-3-3.2.0.orig/debian/libxen-dev.install 2008-01-28 18:43:43.000000000 +0000 +++

Thanks. I have already previewed the xenctrl.h. The following is what I understand: libxc is compiled to a file name after 'xc**' endding with '.so', xend communicates with domain0 through xc and domain0 communicates with hypervisor through privcmd. What's the privcmd? ------------------ 原始邮件 ------------------ 发件人: "Wei

hello, if i start a transient guest doamin via "virsh create abcd.xml" i see an additional libvirt thread and also some open files: pstree -h `pgrep libvirtd` libvirtd───11*[{libvirtd}] libvirtd 3016 root 21w REG 253,0 6044 1052094 /var/log/libvirt/libxl/abcd.log libvirtd 3016 root 22r FIFO 0,8 0t0 126124 pipe libvirtd 3016 root

Hi! There''s a include path mistake when trying to build tools/libxc on OpenBSD: gcc -O2 -fomit-frame-pointer -m32 -march=i686 -DNDEBUG -std=gnu99 -Wall -Wstrict-prototypes -Wno-unused-value -D__XEN_TOOLS__ -Werror -fno-strict-aliasing -I. -Wp,-MD,.xc_core.o.d -c -o xc_core.o xc_core.c In file included from xc_private.h:18, from xg_private.h:16,