NeXT 3.3 vs openssh-2.5.1p1 (Couldn't restore privileges)

mouring at etoh.eviladmin.org
Sun Feb 25 09:49:38 EST 2001


On Sat, 24 Feb 2001, Jack Bryans wrote:

> Wanted to make openssh w/both -lwrap and BIND 8.2.3's -lbind on an m68k NeXT
> 3.3.  Started w/then current openssh-2.3.0p1.  Had to use -posix for
> compiler and loader to get -lbind to work, and had to throw out all openssh
> NeXT porting to get -posix to work.  By the time I had it all working and
> installed, a security mailing list said there was a new openssh version
> released.
> 
First off.. Don't use -posix.  I've spent 7 months of my life replacing
broken posix functions in NeXT.  You may get it to compile with -posix,
but it's not going to work right.

Secondly, why are you attempting to link to bind directly?  What is wrong
with using the native resolving libraries?

> Bagged openssh-2.5.1p1, went thru it again, only to find ssh fatals out w/
> Couldn't restore privileges.
> 
> Non-root suid ssh works just fine.
> 
> An archive search shows others have the same problem.  Haven't seen a
> diagnosis or patch yet.
> 
I'm going to attempt to look at this today.  I've just been overwhelmed
recently. =)

> In the meantime, how bad would it be to #comment out the seteuid change and
> restore at the bottom of entropy.c?
> 
Originally the seteuid code was not there.  It was added to ensure that if
any bad information was in the prng file that it could not be used to
compromise the ssh client.

So it's up to you if you wish to comment it out.

- Ben
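
The temporary privilege drop discussed above, as an added C example that is not part of the original message and is not OpenSSH's entropy.c. The function names, return codes and the seed file contents are hypothetical and constructed for illustration; the point is that both the drop and the restore are checked, and that a failed restore is reported to the caller rather than ignored.

```c
/* Added illustration, not OpenSSH code. All names here are hypothetical. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum { SEED_OK = 0, SEED_DROP_FAILED = -1, SEED_RESTORE_FAILED = -2 };

/* Read up to len bytes of path with the effective uid set to the real uid.
 * *nread receives the byte count, or -1 if the file could not be read. */
int read_seed_unprivileged(const char *path, unsigned char *buf, size_t len,
                           ssize_t *nread)
{
    uid_t real = getuid(), saved = geteuid();
    int fd;

    *nread = -1;
    /* Drop first and verify it: never parse the file while privileged. */
    if (seteuid(real) == -1 || geteuid() != real)
        return SEED_DROP_FAILED;
    fd = open(path, O_RDONLY);
    if (fd != -1) {
        *nread = read(fd, buf, len);
        close(fd);
    }
    /* Regain the original euid; the caller must treat failure as fatal. */
    if (seteuid(saved) == -1 || geteuid() != saved)
        return SEED_RESTORE_FAILED;
    return SEED_OK;
}

/* Constructed sample: write a 16-byte seed file, read it back, clean up. */
ssize_t demo_roundtrip(void)
{
    char path[] = "/tmp/seed_demo_XXXXXX";
    unsigned char buf[64];
    ssize_t n = -1;
    int fd = mkstemp(path);

    if (fd == -1)
        return -1;
    if (write(fd, "constructed-seed", 16) == 16 &&
        read_seed_unprivileged(path, buf, sizeof buf, &n) != SEED_OK)
        n = -1;
    close(fd);
    unlink(path);
    return n;
}

int main(void)
{
    return printf("read %ld bytes with euid dropped\n", (long)demo_roundtrip()) < 0;
}
```

When the real and effective uids are equal, both seteuid calls are no-ops that succeed, so the same code path serves setuid and non-setuid installs.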





