[Bug 296] Priv separation does not work on OSF/1

Markus Friedl markus at openbsd.org
Wed Jun 26 02:49:25 EST 2002


just a fyi: 
it seems that fd-passing is broken on DEC OSF/1 DU-4.0d

so something like

> --- ../openssh-3.3/sshd.c       Fri Jun 21 01:05:56 2002
> +++ ./sshd.c    Fri Jun 21 21:17:37 2002
> @@ -596,7 +596,11 @@
>         /* XXX - Remote port forwarding */
>         x_authctxt = authctxt;
>
> +#ifdef DEC_OSF...
> +       if (1) {
> +#else
>         if (authctxt->pw->pw_uid == 0 || options.use_login) {
> +#endif
>                 /* File descriptor passing is broken or root login */
>                 monitor_apply_keystate(pmonitor);
>                 use_privsep = 0;
>
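
Review bot: the `#ifdef DEC_OSF...` guard on the first added line is not a usable preprocessor test as written, since the trailing `...` is a placeholder; it needs a real macro, preferably one that states the defect (descriptor passing is broken) rather than the OS name. Splitting the statement across `#ifdef`/`#else` also leaves two opening `if (...) {` lines for a single block. Adding the platform test as a third term of the existing condition `authctxt->pw->pw_uid == 0 || options.use_login` would keep one statement and keep the comment "File descriptor passing is broken or root login" accurate.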

could help (it turns off privsep for post-auth, but
you still get protection against a certain class of attacks).

-m