Problems with UsePrivilegeSeparation (was: port fwd as user != root?

Tim Rice tim at multitalents.net
Wed May 29 06:39:45 EST 2002


Please try the attached patch. It tests for a working mmap that
supports MAP_ANONYMOUS. You'll need autoconf 2.52 installed.
Run autoreconf after applying the patch.

If you don't have autoconf 2.52 installed,
grab the new configure from
	http://www.multitalents.net/openssh/configure-map-anon.gz
or
	ftp://ftp.multitalents.net/pub/openssh/configure-map-anon.gz
and add the following line to config.h.in
#undef HAVE_MMAP


On Tue, 28 May 2002, Mathias Koerber wrote:

> I just upgraded to OpenSSH3.2.3p1 as it seemed that
> 	UsePrivilegeSeparation yes
> might help with my problem (connections forwarded
> are owned by root instead of the user I logged in as
> on the server), but instead, sshd barfs on receiving
> a connection. Without UsePrivilegeSeparation
> the server works fine.
[snip]
> mmap(0, 65536, PROT_READ|PROT_WRITE, MAP_SHARED|MAP_ANONYMOUS, -1, 0) = -1
> EINVAL (Invalid argument)
> write(2, "mmap(65536)\r\n", 13)         = 13
> write(2, "debug1: Calling cleanup 0x806a47"..., 40) = 40
> shutdown(5, 2 /* send and receive */)   = 0
> close(5)                                = 0
> _exit(255)                              = ?
>
>
> The kernel is a somewhat older Linux 2.2.13.
>
> regards

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net

-------------- next part --------------
--- openssh/acconfig.h.old	Sun May 12 20:25:01 2002
+++ openssh/acconfig.h	Tue May 28 12:36:48 2002
@@ -355,6 +355,9 @@
 /* Path that unprivileged child will chroot() to in privep mode */
 #undef PRIVSEP_PATH
 
+/* Define if you have the `mmap' function. with working MAP_ANONYMOUS */
+#undef HAVE_MMAP
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */
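Review bot: `HAVE_MMAP` is the name `AC_CHECK_FUNCS(mmap)` defines when the function merely exists, and the added `#undef HAVE_MMAP` reuses it to mean "mmap with a working anonymous shared mapping". That meaning holds only as long as nobody puts `mmap` back into the AC_CHECK_FUNCS list in configure.ac. A distinct name, for example `HAVE_MMAP_ANON_SHARED`, would keep the two meanings apart; the code that consumes the macro is not visible in this patch and would need the same rename. The comment would also read better as `/* Define if mmap() supports MAP_ANON|MAP_SHARED mappings */`.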
--- openssh/configure.ac.old	Mon May 27 17:37:33 2002
+++ openssh/configure.ac	Tue May 28 12:26:38 2002
@@ -569,12 +569,34 @@
 	getaddrinfo getcwd getgrouplist getnameinfo getopt \
 	getrlimit getrusage getttyent glob inet_aton inet_ntoa \
 	inet_ntop innetgr login_getcapbool md5_crypt memmove \
-	mkdtemp mmap ngetaddrinfo openpty ogetaddrinfo readpassphrase \
+	mkdtemp ngetaddrinfo openpty ogetaddrinfo readpassphrase \
 	realpath recvmsg rresvport_af sendmsg setdtablesize setegid \
 	setenv seteuid setlogin setproctitle setresgid setreuid setrlimit \
 	setsid setvbuf sigaction sigvec snprintf socketpair strerror \
 	strlcat strlcpy strmode strsep sysconf tcgetpgrp truncate utimes \
 	vhangup vsnprintf waitpid __b64_ntop _getpty)
+
+AC_MSG_CHECKING([for mmap with working MAP_ANONYMOUS])
+AC_TRY_RUN(
+	[
+#include <stdio.h>
+#include <sys/mman.h>
+#if !defined(MAP_ANON) && defined(MAP_ANONYMOUS)
+#define MAP_ANON MAP_ANONYMOUS
+#endif
+main() { void *address;
+address = mmap(NULL, 10, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED, -1, 0);
+if (address == MAP_FAILED)
+	exit(1);
+exit(0);
+}
+	],
+	[
+		AC_MSG_RESULT(yes)
+		AC_DEFINE(HAVE_MMAP)
+	], 
+	[ AC_MSG_RESULT(no) ]
+)
 
 dnl IRIX and Solaris 2.5.1 have dirname() in libgen
 AC_CHECK_FUNCS(dirname, [AC_CHECK_HEADERS(libgen.h)] ,[
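Review bot: The added `AC_TRY_RUN` call has no action-if-cross-compiling argument, so a cross-compiled build cannot run the probe; a fourth argument such as `[ AC_MSG_RESULT([no (cross compiling)]) ]` would leave HAVE_MMAP undefined there. The test program also calls `exit` without `#include <stdlib.h>` and declares `main()` with no return type, which a stricter compiler may reject, and that would report "no" on a host whose mmap works. The probe runs on the build host, so its result does not cover the kernel sshd is later deployed on. The privilege-separation code should therefore keep checking mmap's return value at run time; the strace quoted in the message suggests it already exits on failure rather than continuing.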

