[Bug 296] Priv separation does not work on OSF/1
Markus Friedl
markus at openbsd.org
Wed Jun 26 02:49:25 EST 2002
just a fyi:
it seems that fd-passing is broken on DEC OSF/1 DU-4.0d
so something like
> --- ../openssh-3.3/sshd.c Fri Jun 21 01:05:56 2002
> +++ ./sshd.c Fri Jun 21 21:17:37 2002
> @@ -596,7 +596,11 @@
> /* XXX - Remote port forwarding */
> x_authctxt = authctxt;
>
> +#ifdef DEC_OSF...
> + if (1) {
> +#else
> if (authctxt->pw->pw_uid == 0 || options.use_login) {
> +#endif
> /* File descriptor passing is broken or root login */
> monitor_apply_keystate(pmonitor);
> use_privsep = 0;
>
could help (it turns of privsep for post-auth, but
you still get protection against a certain class of attacks).
-m
More information about the openssh-unix-dev
mailing list