[AIX/IBMers read] Re: AIX and Privsep.

Ben Lindstrom mouring at etoh.eviladmin.org
Thu Jul 4 11:59:11 EST 2002


On Thu, 4 Jul 2002, Darren Tucker wrote:

> Ben Lindstrom wrote:
> > Outside the patch I just sent.  *ARE* there any other open bugs, issues
> > or problems with AIX and Privsep?
>
> Not that I'm aware of.
>
> > Or with AIX in general?
>
> All of the issues I'm aware of are in Bugzilla.
>
> The most important is not incrementing the failed login count, which
> allows password-guessing attacks:
> http://bugzilla.mindrot.org/show_bug.cgi?id=145
>

Applied, but Konqueror is crashing too much to close it.  Close the report
if the problem goes away.

> A macro name collision that prevents compiling with the native compiler:
> http://bugzilla.mindrot.org/show_bug.cgi?id=265
>

I was looking at that.  I don't see a problem with it.  Unless anyone in
the portable group objects I'll commit it in a day or so.

> There's a few others where the resolution isn't clear.
>

The one about bad realpath().  I really need to get back and verify my
hack of OpenBSD realpath().  Maybe there is a less complex one that is
under BSD license that can be suggested.  I know the one in the OpenBSD
tree strings along about 5 or 6 more files to get it to work.  Which may
be overkill.

The others I don't see a resolution without some way of being able to
verify it on another platform.  I'm really not interested in any more
weird hacks.

Can someone from IBM that is lurking on the list dedicate yourself to
looking at http://bugzilla.mindrot.org at the unresolved (there are like
4 counting the two we are talking about that will be closed soon) and
advise?

> > I want to close out that platform and move to a new platform to work on.
>
> Thanks for your work so far!
>
> > Do all AIX versions have a tolerable mmap()?
>
> Depending on what you mean, I think so. 4.[23].x have MAP_ANONYMOUS and
> MAP_SHARED and seem to work.
> I don't have access to 5.1 but I suspect the same applies.
>

I assume nothing lower than 4.x is really in production any more?

- Ben




More information about the openssh-unix-dev mailing list