WITH_IRIX_AUDIT causes error (fwd)

Michael Stone mstone at cs.loyola.edu
Fri Jul 21 12:06:18 EST 2000

On Fri, Jul 21, 2000 at 09:55:27AM +1000, Damien Miller wrote:
> I compiled and was able to run sshd. I started ssh as root and was able
> to get to my local host. I dropped down to a regular user and tried
> ssh again. I got the error
> error setting satid

Hmm. There should be more. (The relevant code in the patch was "error
setting satid: %.100s", strerror(errno). There should be a colon and
hopefully some more info.)

> I could see that if WITH_IRIX_AUDIT was not defined, the satsetid() call would not
> be made, and the error could be avoided. I looked for satsetid on my system
> and didn't find it. I am on Irix 6.4.

What is the output of the following (from the command line):
chkconfig | grep audit
sysconf | egrep AUDIT\|SAT

> 1) Is it still secure? (I'm guessing yes.)

Yes. The satid is only used for audit trails. (If you're using them, you
would know. They're really big :)

> 2) What should I install so that setsatid() is on my system?

For IRIX 6.4 it may be part of trusted IRIX. In IRIX 6.5 it's

> 3) Is there a better way for the configure to work, so as not to force this on?

Well, I've got a theory. The line that says 
	if (sysconf(_SC_AUDIT)) {
was based on the "here's how to make sure it works on all systems"
instructions. Serves me right to trust a manual. IRIX 6.4 probably
doesn't define _SC_AUDIT, and sysconf is returning -1 on error. Change
the above line to
	if (sysconf(_SC_AUDIT) == 1) {
I'm interested in the sysconf output above because the flag we're
looking for might have had a different name in IRIX 6.4, which would
make the check something like
	if (sysconf(_SC_AUDIT) == 1 || sysconf(_SC_SAT) == 1) {

Mike Stone

More information about the openssh-unix-dev mailing list