Problems with UsePrivilegeSeparation (was: port fwd as user != root?)

Joshua Hill josh-openssh at untruth.org
Wed May 29 03:49:23 EST 2002


On Tue, May 28, 2002 at 11:55:26AM +0800, Mathias Koerber wrote:
> I just upgraded to OpenSSH3.2.3p1 
[snip]
> Without UsePrivilegeSeparation
> the server works fine.
[snip]
> mmap(65536)
[snip]
> mmap(0, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = -1
> EINVAL (Invalid argument)
> write(2, "mmap(65536)\r\n", 13)         = 13
[snip]
> The kernel is a somewhat older Linux 2.2.13.
[snip]

Herein lies your problem.  

The flag combination (MAP_SHARED|MAP_ANONYMOUS) is not supported in
the linux 2.2 kernels.  Searching the linux-mm list archives reveals
that this can't be trivially added due to the linux-2.2 VM's assumption
that all swap cache pages are read-only; see the linux-mm thread that
starts at http://mail.nl.linux.org/linux-mm/1999-01/msg00034.html for
some proposals for adding shared anonymous mappings to the linux 2.2 VM
that didn't quite work out.

The linux-2.4 VM supports shared anonymous mappings.  I'm not prepared
to move my production boxes to a 2.4 kernel, and it would seem that
adding shared anonymous mappings to the v2.2 VM is not a trivial matter.
All this being said, I'm really interested in using the Privilege
Separation feature of OpenSSH.  As such, I'm going to try to add SYSV
IPC SHM support to openssh... Unless someone else beats me to it, of
course. :-)

				Josh
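
One way the SysV IPC SHM alternative mentioned above could look, as an added example that is not part of the original message and is not OpenSSH code: try the `MAP_SHARED|MAP_ANONYMOUS` mapping from the strace and use a private, owner-only SysV segment when the kernel refuses it. The names `shared_alloc`, `roundtrip` and the `skip_mmap` switch are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <sys/ipc.h>
#include <sys/mman.h>
#include <sys/shm.h>
#include <sys/wait.h>
#include <unistd.h>

enum shm_kind { SHM_NONE, SHM_MMAP, SHM_SYSV };

/* Try the mapping from the strace; if it fails (EINVAL on Linux 2.2), use
 * SysV SHM. skip_mmap is a hypothetical switch to exercise the fallback. */
static void *shared_alloc(size_t size, int skip_mmap, enum shm_kind *kind)
{
    void *p = MAP_FAILED;
    if (!skip_mmap)
        p = mmap(NULL, size, PROT_READ | PROT_WRITE,
                 MAP_SHARED | MAP_ANONYMOUS, -1, 0);
    if (p != MAP_FAILED) { *kind = SHM_MMAP; return p; }

    int id = shmget(IPC_PRIVATE, size, IPC_CREAT | 0600); /* owner-only */
    if (id == -1) { *kind = SHM_NONE; return NULL; }
    p = shmat(id, NULL, 0);
    /* Mark for removal right away so the segment cannot outlive its users. */
    shmctl(id, IPC_RMID, NULL);
    if (p == (void *)-1) { *kind = SHM_NONE; return NULL; }
    *kind = SHM_SYSV;
    return p;
}

/* Child writes into the region, parent reads it back; returns the value seen. */
static int roundtrip(int skip_mmap, enum shm_kind *kind)
{
    int *cell = shared_alloc(65536, skip_mmap, kind);
    if (cell == NULL) return -1;
    *cell = 0;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) { *cell = 42; _exit(0); }   /* child: write and exit */
    waitpid(pid, NULL, 0);
    int seen = *cell;
    if (*kind == SHM_MMAP) munmap(cell, 65536); else shmdt(cell);
    return seen;
}

int main(void)
{
    enum shm_kind k;
    printf("mmap path: %d\n", roundtrip(0, &k));
    printf("sysv path: %d\n", roundtrip(1, &k));
}
```

Calling `IPC_RMID` immediately after attaching keeps the segment from lingering in the system IPC table if the process dies, and mode `0600` keeps other local users from attaching to it.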



More information about the openssh-unix-dev mailing list