Problems with UsePrivilegeSeparation (was: port fwd as user != root?
Joshua Hill
josh-openssh at untruth.org
Wed May 29 03:49:23 EST 2002
On Tue, May 28, 2002 at 11:55:26AM +0800, Mathias Koerber wrote:
> I just upgraded to OpenSSH3.2.3p1
[snip]
> Without UsePrivilegeSeparation
> the server works fine.
[snip]
> mmap(65536)
[snip]
> mmap(0, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = -1
> EINVAL (Invalid argument)
> write(2, "mmap(65536)\r\n", 13) = 13
[snip]
> The kernel is a somewhat older Linux 2.2.13.
[snip]
Herein lies your problem.
The flag combination (MAP_SHARED|MAP_ANONYMOUS) is not supported in
the linux 2.2 kernels. Searching the linux-mm list archives reveals
that this can't be trivially added due to the linux-2.2 VM's assumption
that all swap cache pages are read-only; see the linux-mm thread that
starts at http://mail.nl.linux.org/linux-mm/1999-01/msg00034.html for
some proposals for adding shared anonymous mappings to the linux 2.2 VM
that didn't quite work out.
The linux-2.4 VM supports shared anonymous mappings. I'm not prepared
to move my production boxes to a 2.4 kernel, and it would seem that
adding shared anonymous mappings to the v2.2 VM is not a trivial matter.
All this being said, I'm really interested in using the Privilege
Separation feature of OpenSSH. As such, I'm going to try to add SYSV
IPC SHM support to openssh... Unless someone else beats me to it, of
course. :-)
Josh