Potential Patch

Phil Dibowitz phil at usc.edu
Fri Jul 23 09:51:11 EST 2004


Hey folks,

Here at USC we have a few changes we make to the source code for various
reasons -- and we have to make them for each new version. I always shrugged
off sending a patch in because the changes felt very internal, but the more I
think about it, the more I think perhaps they would be good for the main tree.
Additionally, the more of this that gets into the main tree the easier
upgrades become for us, which is always a plus.

So if you would be willing to put the following changes into the main tree, I
will clean up my patch to 3.8p1 and send it in. Feed back welcome:

Changes:
1. Solaris BSM/Auditd supprt
This is properly ifdef'd out, and I added support in the autoconf stuff to
only enable it in Solaris. For those unfamiliar there is a special logging
system you can optionally enable in solaris that logs every occurance of a
certain (definable) subset of system calls. It has a kernel counterpart to
compliment the deamon that runs and ensure there is no tampering from
userspace. The root of the process tree must have an auditd handle, and then
every subprocess inherets it. So every login system (login, telnetd, ftpd,
rsh, etc.) in Solaris sets up the auditd handle -- and if openssh was started
by someone who logged in, it would work, but since its started by init,
nothing done via an openssh connection gets logged in auditd logs.

A co-worker wrote a small stub to initialize auditd support in sshd, and I
added the appropriate hooks (only about 10 lines), plus a few extra lines to
add "txt" entries (essentially comments so our security staff can more easily
sift through the somewhat hard-to-read logs. If interested, I need to
get approval from the guy who wrote the auditd stub, though I don't expect him
to mind. Having this in would be a hugely wonderful thing.

Sun's SSH adds this support to openssh, but theirs is usually too far behind
for my taste.


2. We add a logit() call for people doing "ssh host command" to log the user
and commadn (2 places in session.c). Requested by our security staff.
Currently my patch does not make this a configuration or compile time option,
but I could probably do that without too much work.


3. Makefile.in change to break up install a bit more. Currently it has an
"install" and "install-nokeys". I further broke it into "install"
"install-nokeys" and "install-nosysconf" which doesn't try to write anything
to the configuration directory (this could be useful when the person
installing doesn't have access to that dir, or doesn't want to write to it, or
its read-only, or...).


Thanks.

-- 
Phil Dibowitz
Systems Architect and Administrator
Enterprise Infrastructure / ISD / USC
UCC 174 - 213-821-5427

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040722/667af94f/attachment.bin 


More information about the openssh-unix-dev mailing list