SUMMARY: Problem--permanently_set_uid

From: Ricardo (Tru64 User) (tru64user@yahoo.com)
Date: Wed Sep 17 2003 - 15:54:44 EDT


I have received a patch from Chris Adams (thanks
much)... and I will attach it here... I have not tested
it yet.
Others suggested osfsia=yes... but I do not have osfsia
on this machine, so even a compile won't work.
Thanks, all who replied.
_thanks

--- "Ricardo (Tru64 User)" <tru64user@yahoo.com>
wrote:
> Hi All,
> I have openssh3.6p1 running fine... and wanted to
> upgrade to 3.7p1 because of a vulnerability with
> 3.6p1.
> This is on Tru64v5.1
>
> ./configure --with-osfsia=no;gmake;gmake install
>
> All went OK, but then I cannot log in anymore... It
> accepts the username, passwd, then exits... logs on
> 5.1host show message below. Any clues/hints?
>
>
> Sep 17 14:47:40 datasrv sshd[46726]: fatal:
> permanently_set_uid: was able to restore old [e]uid
> Sep 17 14:53:59 datasrv sshd[46735]: Accepted
> password
> for stud126 from 192.168.0.7 port 2647 ssh2
> Sep 17 14:53:59 datasrv sshd[46770]: fatal:
> permanently_set_uid: was able to restore old [e]uid
>
> _Thanks
>
> Richard

Yes, setreuid() and setregid() do not work right on Tru64. Here is a
patch for 3.7p1 (should also apply to 3.7.1p1 but I haven't had a chance
to test yet). This has also been submitted and should appear in the
next version of OpenSSH.

-- 
Chris Adams
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
diff -urN openssh-3.7p1-dist/auth-sia.c
openssh-3.7p1/auth-sia.c
--- openssh-3.7p1-dist/auth-sia.c	Mon Jun  2 19:25:48
2003
+++ openssh-3.7p1/auth-sia.c	Tue Sep 16 14:02:56 2003
@@ -80,6 +80,7 @@
 {
 	SIAENTITY *ent = NULL;
 	const char *host;
+	uid_t uid;
 
 	host = get_canonical_hostname(options.use_dns);
 
@@ -103,8 +104,11 @@
 	
 	sia_ses_release(&ent);
 
-	if (setreuid(geteuid(), geteuid()) < 0)
-		fatal("setreuid: %s", strerror(errno));
+	uid = geteuid();
+	if (setuid(0) < 0)
+		fatal("setuid: %s", strerror(errno));
+	if (setuid(uid) < 0)
+		fatal("setuid: %s", strerror(errno));
 }
 
 #endif /* HAVE_OSF_SIA */
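
Review bot: The two new fatal() calls after sia_ses_release() log the same string, "setuid: %s", so a failure report cannot say whether the setuid(0) step or the setuid(uid) step failed; give them distinct messages. The setuid(0) before setuid(uid) also reads like an escalation unless a comment says why it is needed in place of the removed setreuid(geteuid(), geteuid()). Only return values are checked, so consider confirming afterwards that getuid() and geteuid() both equal uid.
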
diff -urN openssh-3.7p1-dist/configure
openssh-3.7p1/configure
--- openssh-3.7p1-dist/configure	Tue Sep 16 01:19:17
2003
+++ openssh-3.7p1/configure	Tue Sep 16 14:11:31 2003
@@ -4532,6 +4532,18 @@
 EOF
 
 			cat >>confdefs.h <<\EOF
+#define SETEUID_BREAKS_SETUID 1
+EOF
+
+			cat >>confdefs.h <<\EOF
+#define BROKEN_SETREGID 1
+EOF
+
+			cat >>confdefs.h <<\EOF
+#define BROKEN_SETREUID 1
+EOF
+
+			cat >>confdefs.h <<\EOF
 #define DISABLE_LOGIN 1
 EOF
 
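
Review bot: configure is edited by hand here and does not line up with the configure.ac change: the new #define blocks are ordered SETEUID_BREAKS_SETUID, BROKEN_SETREGID, BROKEN_SETREUID and sit just before DISABLE_LOGIN, while configure.ac orders them SETEUID_BREAKS_SETUID, BROKEN_SETREUID, BROKEN_SETREGID between BROKEN_GETADDRINFO and LOCKED_PASSWD_SUBSTR. Regenerating configure from the patched configure.ac would keep the two in step; if the hand edit stays so the patch applies without autoconf, say so in the submission.
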
diff -urN openssh-3.7p1-dist/configure.ac
openssh-3.7p1/configure.ac
--- openssh-3.7p1-dist/configure.ac	Tue Sep 16
00:48:15 2003
+++ openssh-3.7p1/configure.ac	Tue Sep 16 14:03:51
2003
@@ -395,6 +395,9 @@
 	fi
 	AC_DEFINE(DISABLE_FD_PASSING)
 	AC_DEFINE(BROKEN_GETADDRINFO)
+	AC_DEFINE(SETEUID_BREAKS_SETUID)
+	AC_DEFINE(BROKEN_SETREUID)
+	AC_DEFINE(BROKEN_SETREGID)
 	AC_DEFINE(LOCKED_PASSWD_SUBSTR, "Nologin")
 	;;
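
Review bot: The three AC_DEFINE lines added after BROKEN_GETADDRINFO carry no comment saying what platform behaviour they work around, and they are set unconditionally for this case branch. A one-line comment naming the affected calls (setreuid(), setregid()) and, if known, the affected OS versions would let a later maintainer judge when the defines can be removed.
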


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:36 EDT
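
The "was able to restore old [e]uid" lines in the log above come from a check that a privilege drop cannot be undone. As an added example (not from the thread, the patch, or OpenSSH's source), here is that kind of drop-and-verify routine in C, run against a constructed three-uid model; `cred_ops`, `drop_uid_permanently`, `model_drop` and the "leaky" setuid behaviour are assumptions made for illustration, not a description of Tru64's actual defect.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>
/* Credential calls behind pointers: the check runs against libc or a model. */
struct cred_ops {
    int (*set_uid)(uid_t), (*set_euid)(uid_t);
    uid_t (*get_uid)(void), (*get_euid)(void);
};

/* 0 = dropped for good, -1 = drop failed, -2 = old uid restorable, -3 = ids wrong */
int drop_uid_permanently(const struct cred_ops *o, uid_t target)
{
    uid_t old = o->get_euid();
    if (o->set_uid(target) < 0) return -1;
    /* The drop only counts if the old identity can no longer be regained. */
    if (old != target && (o->set_uid(old) == 0 || o->set_euid(old) == 0)) return -2;
    if (o->get_uid() != target || o->get_euid() != target) return -3;
    return 0;
}

/* Constructed model of real/effective/saved uid, not any real kernel's code. */
static uid_t m_r, m_e, m_s;
static int m_leaky; /* assumed defect when set: setuid() leaves the saved uid behind */
static uid_t m_getuid(void) { return m_r; }
static uid_t m_geteuid(void) { return m_e; }
static int m_seteuid(uid_t u)
{
    if (m_e != 0 && u != m_r && u != m_s) return -1;
    m_e = u;
    return 0;
}
static int m_setuid(uid_t u)
{
    if (m_e != 0) return m_seteuid(u); /* unprivileged: effective uid only */
    m_r = m_e = u;
    if (!m_leaky) m_s = u;
    return 0;
}
int model_drop(int leaky, uid_t target) /* start as root in the model, then drop */
{
    struct cred_ops o = { m_setuid, m_seteuid, m_getuid, m_geteuid };
    m_r = m_e = m_s = 0; m_leaky = leaky;
    return drop_uid_permanently(&o, target);
}
int main(void)
{
    printf("sound=%d leaky=%d\n", model_drop(0, 1000), model_drop(1, 1000));
    return 0;
}
```

To run the same check against a live process, fill `cred_ops` with `setuid`, `seteuid`, `getuid` and `geteuid` from `<unistd.h>`.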