Minor fixes for openssh-SNAP-20001028

Mark D. Roth roth at feep.net
Sat Nov 4 03:43:51 EST 2000 

On Mon Oct 30 15:16 2000 -0600, Mark D. Roth wrote:
> I've attached a patch for openssh-SNAP-20001028 which fixes the
> following two problems:

I haven't gotten any feedback on this patch, but I'd like to see it
included in the next release of portable OpenSSH.  Perhaphs I should
have expanded a bit on why these issues were problems.


> 1) I fixed fixpaths to complain instead of failing silently if it
>    can't write the output file.

I keep my source code on an NFS-mounted filesystem so that I can
access it from multiple machines.  The filesystem is not exported with
root permissions, for obvious security reasons.  Therefore, I run
configure and make as a non-root user with umask 022, followed by
su'ing and running make install.

Because make install tries to write files to the build directory, it
fails.  However, since fixpaths doesn't detect the failure, make
doesn't bail out until it tries to install the manpages, at which
point it complains that the .[01].out files don't exist.  As a result,
it takes some investigation to determine where the real cause of the
failure was.


> 2) I changed log-server.c to use av0 as the first argument to
>    openlog().  I also made sure it called openlog() before the TCP
>    wrapper stuff, because libwrap calls syslog() and winds up using
>    the wrong program name.

On most of our Production systems, we run two invokations of sshd.
The normal one is invoked as sshd and listens on port 22 for normal
user connections.  The additional one is invoked using a different
name, listens on a different port, allows a different set of
authentication mechansisms, and has a different daemon name for TCP
wrappers.  In this context, it makes sense to use the name that the
daemon was invoked as when sending syslog messages, so that you can
easily figure out which log messages are from which daemon.


I'd appreciate some feedback from the OpenSSH Portability Team as to
whether these changes will make it into the next release.  Thanks!

-- 
Mark D. Roth <roth at feep.net>
http://www.feep.net/~roth/

More information about the openssh-unix-dev mailing list