last output

From: Grzegorz Bakalarski (G.Bakalarski@icm.edu.pl)
Date: Wed Sep 15 2004 - 07:33:24 EDT


Dear All,

Since the last patching (Recommended cluster on Aug 30th),
when I issue the last command I can't see the address
from which a user came ... Before patching, everything worked fine.
I suspect that the problem is related to sshd update
(Patch-ID# 113273-08
Keywords: security sshd sftp-server integer overlow pam keyboard interactive
Synopsis: SunOS 5.9: /usr/lib/ssh/sshd Patch
Date: Aug/11/2004)

It was also mentioned in one posting in April 2004 on sunmanagers, but
it was related to OpenSSH sshd ... See the summary of that report attached
at the end of this e-mail.

I'm using the sshd distributed with Solaris ...

When using ftp to the server, I get a correct entry in wtmpx
and can see the remote address of a client ...

Is there any workaround (other than maybe installing a correct
version of sshd from OpenSSH)?

Kind regards,

Grzegorz

PS. From Summary: by David Foster.

"Solution: (workaround)

  This turned out to be an OpenSSH problem! If OpenSSH (only tested
  versions 3.4p1 and 3.5p1) is compiled 64-bit it corrupts the
  /var/adm/wtmpx file upon first connection, possibly due to an
  inappropriate data-type (length) being used for one of the records
  of the structure written to this file (my guess).
  
  This problem occurs when compiling with gcc 3.2 or Sun Workshop 5.0.
  
  Compiling 32-bit (gcc 3.2 or Workshop 5.0) solved the problem.
  If anyone has time to peruse the code to determine what is
  doing the Wrong Thing please post your findings!

  Casper Dik referred to a more general problem with OpenSSH
  corrupting wtmpx:
  
     "There's a known problem with some versions of OpenSSH that
     corrupt utmpx/wtmpx. [...] I think it was caused by OpenSSH updating
     both utmp and utmpx; that has always been wrong (either update
     one or the other and the routines will make sure that the files
     are shadowed; with Solaris 8 utmp was removed and some of the
     code may have broken in those particular circumstances."
"
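
An added example, not part of the original post and not code from Solaris or OpenSSH: a check for the two symptoms discussed above, login records in wtmpx that carry no remote host and records that do not parse cleanly. It assumes the 372-byte big-endian (SPARC) Solaris futmpx record layout and a valid ut_type range of 0 to 10; the sample records are constructed.

```python
import struct

# Assumed on-disk record: Solaris "struct futmpx", 372 bytes, big-endian (SPARC).
# user[32] id[4] line[32] pid type exit(2 x int16) pad tv(sec, usec) session
# reserved[20] syslen host[257] pad
FUTMPX = struct.Struct(">32s4s32sih2h2x2ii20xh257sx")
USER_PROCESS = 7   # ut_type of an interactive login record
MAX_UT_TYPE = 10   # assumed highest ut_type (DOWN_TIME on Solaris)


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def audit_wtmpx(data):
    """Return (findings, trailing_bytes) for the raw contents of a wtmpx file."""
    findings = []
    whole = len(data) - len(data) % FUTMPX.size
    for off in range(0, whole, FUTMPX.size):
        (user, _id, line, _pid, ut_type, _term, _exit,
         _sec, _usec, _sess, syslen, host) = FUTMPX.unpack_from(data, off)
        index = off // FUTMPX.size
        if not 0 <= ut_type <= MAX_UT_TYPE or not 0 <= syslen <= 257:
            # Fields outside their defined range: record is misaligned or damaged.
            findings.append((index, "corrupt", _text(user), _text(line)))
        elif ut_type == USER_PROCESS and not _text(host):
            # A login was recorded, but the origin address is missing.
            findings.append((index, "no-host", _text(user), _text(line)))
    # Leftover bytes mean the file is not a whole number of records.
    return findings, len(data) - whole


def make_record(user, line, host, ut_type=USER_PROCESS, pid=1234, sec=1095247000):
    """Build one constructed record for the demonstration below."""
    h = host.encode()
    return FUTMPX.pack(user.encode(), b"", line.encode(), pid, ut_type,
                       0, 0, sec, 0, 0, len(h) + 1 if h else 0, h)


if __name__ == "__main__":
    sample = (make_record("alice", "ftp1234", "client.example.org")
              + make_record("bob", "pts/3", "")            # login with no host
              + make_record("carol", "pts/4", "h", ut_type=12345)
              + b"\0" * 10)                                # truncated tail
    print(audit_wtmpx(sample))
```

To audit a real file, pass the bytes of a copy of /var/adm/wtmpx to audit_wtmpx(); a non-zero trailing byte count or any "corrupt" finding points at the record-size problem, while "no-host" findings match the missing-address symptom.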