[Bug 296] Priv separation does not work on OSF/1

Ben Lindstrom mouring at etoh.eviladmin.org
Wed Jun 26 03:10:43 EST 2002


On Tue, 25 Jun 2002, Corinna Vinschen wrote:

> On Tue, Jun 25, 2002 at 06:49:25PM +0200, Markus Friedl wrote:
> >
> > just a fyi:
> > it seems that fd-passing is broken on DEC OSF/1 DU-4.0d
> >
> > so something like
> >
> > > --- ../openssh-3.3/sshd.c       Fri Jun 21 01:05:56 2002
> > > +++ ./sshd.c    Fri Jun 21 21:17:37 2002
> > > @@ -596,7 +596,11 @@
> > >         /* XXX - Remote port forwarding */
> > >         x_authctxt = authctxt;
> > >
> > > +#ifdef DEC_OSF...
>
> Thank you!  I didn't know that this is possible.  It also works
> on Cygwin then since descriptor passing is the actual problem
> preventing the usage of privsep on Cygwin.
>
> Would you mind to change that to
>
> #if defined (DEC_OSF) || defined (HAVE_CYGWIN)
>
> ???
>
> If I understand that correctly, privsep still works for preauth
> then.  Is it correct that this doesn't create a second sshd
> process?  At least I don't see one in the process list when
> privsep is on and the above patch applied.
>
> Corinna
>

#ifdef BROKEN_FD_PASSING

or something like that since it affects multiple platforms.

- Ben





More information about the openssh-unix-dev mailing list