* * * * *

                It's open source, so at least I got it working

Yet more exploits against OpenSSH [1] according to Mark [2] so I should
upgrade. Thanks to a suggestion from Mark, I was able to get OpenSSH 3.4p1
[3] compiled and running, with privilege separation under Linux 2.0 [4]
(technically, 2.0.36 and 2.0.39):

-----[ C ]-----
#ifdef HAVE_MMAP_ANON_SHARED
#  ifdef USE_MMAP_DEV_ZERO
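       {
         int fh;

         /* no MAP_ANON|MAP_SHARED here, so map /dev/zero instead */
         fh = open("/dev/zero",O_RDWR);
         if (fh == -1)
               fatal("mmap(`/dev/zero'): %s",strerror(errno));

         /* MAP_PRIVATE is copy-on-write: writes made after fork() are not
          * seen by the other process, unlike the MAP_SHARED branch below */
         address = mmap(NULL,size,PROT_WRITE|PROT_READ,MAP_PRIVATE,fh,0);
         if (address == MAP_FAILED)
               fatal("mmap(%lu,%d): %s",(u_long)size,fh,strerror(errno));
         close(fh);   /* the mapping stays valid after the descriptor is closed */
       }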
#  else
       address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
           -1, 0);
       if (address == MAP_FAILED)
               fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
#  endif
#else
       fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
           __func__);
#endif
-----[ END OF LINE ]-----

modified openssh-3.4p1/monitor_mm.c:87-109

I had to define USE_MMAP_DEV_ZERO and BROKEN_FD_PASSING in
openssh-3.4p1/config.h to get this working. But working it is, thankfully.
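
The two mmap() branches above differ in more than where the memory comes
from: MAP_PRIVATE is copy-on-write, so a write made after fork() stays in the
writing process, while MAP_SHARED memory is seen by both. The following is an
added example, not code from OpenSSH or from the original post;
child_write_visible() is a hypothetical helper and the "state" marker is a
constructed value.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Map one page of /dev/zero with the given sharing flag (MAP_PRIVATE or
 * MAP_SHARED), fork, let the child write a marker, and check what the
 * parent sees afterwards.
 * Returns 1 if the child's write is visible, 0 if not, -1 on error.
 */
int child_write_visible(int share_flag)
{
    const size_t size = 4096;
    int fh, status, seen;
    char *address;
    pid_t pid;

    fh = open("/dev/zero", O_RDWR);
    if (fh == -1)
        return -1;
    address = mmap(NULL, size, PROT_READ | PROT_WRITE, share_flag, fh, 0);
    close(fh);                  /* the mapping outlives the descriptor */
    if (address == MAP_FAILED)
        return -1;

    pid = fork();
    if (pid == 0) {             /* child: stands in for the unprivileged side */
        strcpy(address, "state");   /* constructed marker */
        _exit(0);
    }
    if (pid == -1 || waitpid(pid, &status, 0) == -1) {
        munmap(address, size);
        return -1;
    }
    /* parent: /dev/zero pages start zero-filled, so this only matches
     * when the child's write landed in memory both processes share */
    seen = (strcmp(address, "state") == 0);
    munmap(address, size);
    return seen;
}

int main(void)
{
    printf("MAP_SHARED:  %d\n", child_write_visible(MAP_SHARED));
    printf("MAP_PRIVATE: %d\n", child_write_visible(MAP_PRIVATE));
    return 0;
}
```

On a kernel that refuses a MAP_SHARED mapping of /dev/zero, the function
returns -1 for that flag instead of 1.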

[1] http://www.openssh.org/
[2] http://www.conman.org/people/myg/
[3] http://www.openssh.org/portable.html
[4] gopher://gopher.conman.org/0Phlog:2002/06/25.1
