Patch for OpenSSH/mmap() on Linux 2.2
Michael Bacarella
mbac at netgraft.com
Wed Jun 26 00:38:01 EST 2002
A colleague was having trouble running OpenSSH 3.3p on his server.
He, like many of us, has been clobbered by the mighty security penis
of Theo De Raadt into enabling "privsep".
But on some Linux 2.2 kernels, this is broken. Apparantly, OpenSSH "portable"
relies on non-POSIX compliant mmap() features.
Making the mmap() call in monitor_mm.c look something like this:
{
char template[40], c = 0;
int fd;
sprintf(template,"/tmp/sshd-XXXXXX");
fd = mkstemp(template);
unlink(template);
lseek(fd,(size/4096*4096*2)-1,SEEK_SET);
write(fd,&c,1);
address = mmap(NULL,size,PROT_WRITE|PROT_READ,MAP_SHARED,fd,0);
memset(address,0,size);
close(fd);
}
fixes it on his server. If you use this, it is, like everything else in
life, at your own risk.
I don't follow the list so I have no idea if this has been reported, fixed,
or otherwise dealt with. If you're going to respond to yell at me, do it off list.
--
Michael Bacarella | Netgraft Corporation
| 545 Eighth Ave #401
Systems Analysis | New York, NY 10018
Technical Support | 212 946-1038 | 917 670-6982
Managed Services | mbac at netgraft.com
More information about the openssh-unix-dev
mailing list