OpenSSH 3.8.1p1: call for testing

Gert Doering gert at greenie.muc.de
Mon Apr 19 16:58:31 EST 2004 

Hi,

On Mon, Apr 19, 2004 at 09:54:40AM +1000, Darren Tucker wrote:
> > fixed by adding an explicit "extern int h_errno;" to that file.
> 
> I think we should have configure test for its presence rather than 
> (re)declaring it unconditionally.  Please try attached patch (you will 
> need to run "autoconf" before running configure).

Will try this tonight.

[..]
> > Doing individual tests leads to:
> > 
> >  - unprivileged ssh works fine (-1 and -2)
> > 
> >  - chmod 4711'ed ssh (for RhostsRSAAuthentication) is broken:
> > 
> > ------------- snip ------------------
> > gert at greenie:/u/softadm/openssh_cvs$ ./ssh -1 -v $targethost
> > OpenSSH_3.8.1p1, OpenSSL 0.9.6g 9 Aug 2002
> > debug1: Reading configuration data /etc/ssh_config
> > debug1: Connecting to $targethost [19.20.21.100] port 22.
> > rresvport: af=2 Permission denied
> > ssh: connect to host $targethost port 22: Permission denied
> > ------------- snip ------------------
> 
> Can't bind to a low port even with setuid? Not sure how to explain that 
> other than a broken kernel?

I assume it's some set*id() switching hickup.  With earlier openssh
versions, this is not an issue...:

------------- snip ------------------
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh_config
debug1: restore_uid
debug1: ssh_connect: getuid 0 geteuid 0 anon 0
debug1: Connecting to moebius2.space.net [195.30.1.100] port 22.
debug1: Allocated local port 912.
debug1: restore_uid
debug1: Connection established.
------------- snip ------------------

(I'm sure 3.5p1 worked fine as well, but seem to have lost its binary 
when running the recent tests)

> [snip sshv2 hang]
> >    (this is not a new thing - it was already in 3.6, but I haven't been
> >    able to figure out what's going on here)
> 
> There's a bug for this, but we (including the reporter) gave up on it 
> because we couldn't figure it out:
> http://bugzilla.mindrot.org/show_bug.cgi?id=651

Thanks.  Will look into it, maybe something rings a bell.

> >  - password authentication is completely broken - SCO uses SECUREWARE /
> >    "getprpwnam()" for "trusted computing base" password access, but
> >    the corresponding code from auth-passwd.c seems to have disappeared.
> > 
> >    I assume that a "CUSTOM_SYS_AUTH_PASSWD" module needs to be written
> >    to support SECUREWARE.
> 
> The getprpwname() stuff has just moved to openbsd-compat/xcrypt.c, 

Ah! I saw that module using "grep getprpwnam()", but didn't fully 
understand the code behind it.

> perhaps the #ifdef's aren't quite right?

config.h has

/* Define if you have SecureWare-based protected password database */
#define HAVE_SECUREWARE 1

so it "should" be right.

Will do more debugging tonight.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert at net.informatik.tu-muenchen.de

More information about the openssh-unix-dev mailing list