your mail

Phil Howard phil-openssh-unix-dev at ipal.net
Fri Jun 28 11:36:23 EST 2002


On Thu, Jun 27, 2002 at 08:21:14PM +0200, seth at kokos.cz wrote:

| Hi Phil,
| 
| answer to your questions:
| 
| > Which specific Slackware?  Too embarrassed to say?
| 
|   Really, really don't know exactly. :)
|   Installed approx. 5 years ago (maybe 4.5, 4.6, maybe 5.0 ... who knows now ... )

Sounds like about 3.6.  After 4.0 came 7.0.


| > Which OpenSSL?  0.9.6a?  0.9.6b?  0.9.6c?  0.9.6d?
| 
|   Only info I found is 0.9.6. Let's suppose it's 0.9.6. ;)

Probably doesn't matter.


| > How about telling me how long you're going to leave this machine
| > running such an old system?  Slackware 8.1 is out now.  Be sure
| > to get the "patches" directory, which includes OpenSSH 3.4p1.
| 
| As long as it will be able to make its job. :) First, it's working 5
| years with only minor problems (patching from time to time). Second,
| I now have not regular access to HW of this machine so complete re-installing
| with new version is not possible. Nobody other will do that. It's
| configured and tuned. It's working. That's the point. We know it's
| old. Doesn't matter.

"It's working fine" is probably _the_ most common reason management
types refuse to allow security to be added to a server.  The fact is
it may be NOT working fine at all ... you just don't know that until
the cracker comes around.  So it probably does matter, if security is
an issue.  If it isn't, why are you trying to upgrade SSH?

Post your IP address.  I'm sure it will be cracked into very soon.
If you happen to get a really kind cracker, he'll re-install a new
version of Slackware for you (with his own backdoor, of course) just
to keep the other vultures from taking the kill.


| Speaking frankly, I expected answer of type - upgrade kernel to version
| bla bla bla or list of versions and components required for
| successful compilation.

More advanced features in newer kernels are needed.  Even 2.2 has
problems.  I expect 2.0 to have more problems.


| Let's look at problematic code in file monitor_fdpass.c:
[snip]

| Okay, compiler is complaining about CMSG_FIRSTHDR and CMSG_DATA. Where
| they are??? Shouldn't be in defines.h ??? (as CMSG_LEN) ... I was
| grepping for them in all files ... they are not there ...

They are defined by POSIX, not SSH.  Do "man cmsg" for more info.
I grepped for where they are defined and found:

/usr/include/bits/socket.h:# define CMSG_DATA(cmsg) ((cmsg)->__cmsg_data)
/usr/include/bits/socket.h:# define CMSG_DATA(cmsg) ((unsigned char *) ((struct cmsghdr *) (cmsg) + 1))
/usr/include/bits/socket.h:#define CMSG_FIRSTHDR(mhdr) \
/usr/include/bits/socket.h:#define CMSG_LEN(len)   (CMSG_ALIGN (sizeof (struct cmsghdr)) + (len))
/usr/include/linux/socket.h:#define CMSG_DATA(cmsg)     ((void *)((char *)(cmsg) + CMSG_ALIGN(sizeof(struct cmsghdr))))
/usr/include/linux/socket.h:#define CMSG_LEN(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
/usr/include/linux/socket.h:#define __CMSG_FIRSTHDR(ctl,len) ((len) >= sizeof(struct cmsghdr) ? \
/usr/include/linux/socket.h:#define CMSG_FIRSTHDR(msg)  __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
/usr/src/linux/include/linux/socket.h:#define CMSG_DATA(cmsg)   ((void *)((char *)(cmsg) + CMSG_ALIGN(sizeof(struct cmsghdr))))
/usr/src/linux/include/linux/socket.h:#define CMSG_LEN(len) (CMSG_ALIGN(sizeof(struct cmsghdr)) + (len))
/usr/src/linux/include/linux/socket.h:#define __CMSG_FIRSTHDR(ctl,len) ((len) >= sizeof(struct cmsghdr) ? \
/usr/src/linux/include/linux/socket.h:#define CMSG_FIRSTHDR(msg)        __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)


| Regards, Richard.
| 
| PS: Attaching config.log. Maybe will help you to identify the problem.

I can tell they are missing from your system.  That's why you'll need
to do some upgrading.

-- 
-----------------------------------------------------------------
| Phil Howard - KA9WGN |   Dallas   | http://linuxhomepage.com/ |
| phil-nospam at ipal.net | Texas, USA | http://phil.ipal.org/     |
-----------------------------------------------------------------
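
Added example, not part of the original message and not OpenSSH's own code: passing a file descriptor over a Unix-domain socket with SCM_RIGHTS, the kind of code that needs CMSG_FIRSTHDR, CMSG_LEN and CMSG_DATA. The names send_fd, recv_fd, fdpass_selftest and union fd_ctl are hypothetical, and a system whose headers provide these macros is assumed.

```c
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper type: control buffer sized and aligned for one descriptor. */
union fd_ctl { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; };

/* Send fd over the Unix-domain socket sock as SCM_RIGHTS ancillary data. */
int send_fd(int sock, int fd)
{
    union fd_ctl ctl = { .buf = {0} };  /* zeroed: no stack bytes leak out */
    char ch = 0;                        /* one byte of ordinary payload */
    struct iovec iov = { &ch, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *cmsg = CMSG_FIRSTHDR(&msg);
    cmsg->cmsg_len = CMSG_LEN(sizeof(int));
    cmsg->cmsg_level = SOL_SOCKET;
    cmsg->cmsg_type = SCM_RIGHTS;
    memcpy(CMSG_DATA(cmsg), &fd, sizeof(int));
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive one descriptor; -1 if truncated or not exactly one SCM_RIGHTS fd. */
int recv_fd(int sock)
{
    union fd_ctl ctl;
    char ch;
    int fd;
    struct iovec iov = { &ch, 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
        .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *cmsg;
    /* Validate the control header before trusting CMSG_DATA. */
    if (recvmsg(sock, &msg, 0) != 1 || (msg.msg_flags & MSG_CTRUNC) ||
        (cmsg = CMSG_FIRSTHDR(&msg)) == NULL || cmsg->cmsg_level != SOL_SOCKET ||
        cmsg->cmsg_type != SCM_RIGHTS || cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    memcpy(&fd, CMSG_DATA(cmsg), sizeof(int));
    return fd;
}

/* Constructed check: pass a pipe's read end over a socketpair, read via the copy. */
int fdpass_selftest(void)
{
    int sv[2], p[2], got;
    char c = 0;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 || pipe(p) < 0) return -1;
    if (send_fd(sv[0], p[0]) < 0 || (got = recv_fd(sv[1])) < 0) return -1;
    return (write(p[1], "x", 1) == 1 && read(got, &c, 1) == 1 && c == 'x') ? 0 : -1;
}
```

The receiver rejects a message with MSG_CTRUNC set or with an unexpected level, type or length, so a peer cannot make it read a descriptor out of a malformed control buffer.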


