Re: [cobalt-users] RaQ2 openssh-3.4p1 monitor_fdpass.c:
- Subject: Re: [cobalt-users] RaQ2 openssh-3.4p1 monitor_fdpass.c:
- From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sat Jun 29 13:04:46 2002
- Organization: Front Street Networks LLC
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
On Saturday 29 June 2002 03:35 pm, Glenn Parsons wrote:
>
> Think about it: the last known vulnerability took advantage of the daemon
> running as root (someone will correct me if I'm wrong on the user!!!), I am
> looking at an unpatched RaQ4 that does not have an sshd user in
> /etc/passwd. They need you to create an sshd user.
I tried making a user sshd like I found on the Inet, doesn't seem to work
=======
Create user and group 'sshd' by editing /etc/passwd, /etc/shadow,
and /etc/group. Make the user sshd member of the group sshd, and no other
groups. Set the home directory of the user to be /var/empty, and the shell
to /bin/false. Then create that special directory by running:
mkdir /var/empty &&
chown root:root /var/empty && chmod 755 /var/empty
=======
> I'll remember that. So what was the trick to complete the compilation?
> Perseverance?
used the 2nd patch at the URL Jay gave, copied below
========
copy this text (between ==== ) to a file named patch
======================== patch =========================================
--- ./monitor_fdpass.c.orig-missing-scmrights2 Thu Jun 6 17:40:51 2002
+++ ./monitor_fdpass.c Fri Jun 28 18:35:58 2002
@@ -24,6 +24,11 @@
*/
#include "includes.h"
+
+#ifndef SCM_RIGHTS
+#define SCM_RIGHTS 0x01
+#endif /* SCM_RIGHTS */
+
RCSID("$OpenBSD: monitor_fdpass.c,v 1.3 2002/06/04 23:05:49 markus Exp $");
#include <sys/uio.h>
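Review bot: the fallback `#define SCM_RIGHTS 0x01` sits after `#include "includes.h"` but ahead of `#include <sys/uio.h>`, so a header pulled in later that does define SCM_RIGHTS would find the macro already set here. Moving the `#ifndef SCM_RIGHTS` block below the last `#include` lets the system value win whenever one exists. The literal 0x01 is the Linux value and should carry a comment saying so; a configure-time check would be a cleaner home for the fallback than the source file.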
@@ -112,9 +117,12 @@
fatal("%s: no fd", __func__);
#else
cmsg = CMSG_FIRSTHDR(&msg);
+#if 0
+ /* Linux kernel 2.0.x doesn't handle cmsg_type in recvmsg(). */
if (cmsg->cmsg_type != SCM_RIGHTS)
fatal("%s: expected type %d got %d", __func__,
SCM_RIGHTS, cmsg->cmsg_type);
+#endif /* 0 */
fd = (*(int *)CMSG_DATA(cmsg));
#endif
return fd;
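Review bot: the `#if 0` around the `cmsg->cmsg_type != SCM_RIGHTS` test removes the check on every platform, not only on Linux 2.0.x as the comment says, so `fd = (*(int *)CMSG_DATA(cmsg));` now reads a descriptor from whatever control message arrived. Guard the block with a macro that is set only for the affected kernels instead of `#if 0`, and keep some validation in its place: in the lines shown, `cmsg` is not tested for NULL after `CMSG_FIRSTHDR(&msg)` and `cmsg_len` is never checked before the payload is dereferenced.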
=====================================================================
# patch monitor_fdpass.c < patch
--
Gerald Waugh
http://frontstreetnetworks.com SOHO Networks & Web Site Hosting
Front Street Networks LLC voice +1 203 785 0699 * fax +1 203 785 1787
229 Front Street, Ste. #C, New Haven CT 06513-3203
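
The account setup quoted in the message above (user and group sshd, home /var/empty, shell /bin/false, /var/empty owned by root:root with mode 755) can be audited with a script like the following. It is an added example, not part of the original post or of OpenSSH; the function names `check_sshd_account` and `check_empty_dir` and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are parameters (an
# assumption of this sketch) so copies of the files can be audited too.

# check_sshd_account PASSWD GROUP: 0 if the sshd entry matches the quoted
# instructions, 1 otherwise, with one FAIL line per finding.
check_sshd_account() {
    pw=$1; gr=$2; rc=0
    entry=$(grep '^sshd:' "$pw" | head -n 1)
    [ -n "$entry" ] || { echo "FAIL: no sshd user in $pw"; return 1; }
    uid=$(echo "$entry" | cut -d: -f3); gid=$(echo "$entry" | cut -d: -f4)
    home=$(echo "$entry" | cut -d: -f6); shell=$(echo "$entry" | cut -d: -f7)
    [ "$uid" != 0 ] || { echo "FAIL: sshd has uid 0"; rc=1; }
    [ "$home" = /var/empty ] || { echo "FAIL: home is '$home'"; rc=1; }
    [ "$shell" = /bin/false ] || { echo "FAIL: shell is '$shell'"; rc=1; }
    # The primary gid must be that of the group named sshd.
    ggid=$(grep '^sshd:' "$gr" | head -n 1 | cut -d: -f3)
    { [ -n "$ggid" ] && [ "$gid" = "$ggid" ]; } ||
        { echo "FAIL: primary group is not sshd"; rc=1; }
    # sshd must not be listed as a member of any other group.
    extra=$(awk -F: '$1 != "sshd" { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == "sshd") print $1 }' "$gr")
    [ -z "$extra" ] || { echo "FAIL: sshd is also in:" $extra; rc=1; }
    return $rc
}

# check_empty_dir DIR [UID] [GID]: DIR must be owned by UID:GID (default
# 0:0, i.e. root:root), have mode 755 and contain nothing.
check_empty_dir() {
    dir=$1; want_uid=${2:-0}; want_gid=${3:-0}; rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is missing"; return 1; }
    set -- $(ls -ldn "$dir")    # $1 = mode string, $3 = uid, $4 = gid
    case $1 in
        drwxr-xr-x*) ;;
        *) echo "FAIL: mode of $dir is $1, expected 755"; rc=1 ;;
    esac
    { [ "$3" = "$want_uid" ] && [ "$4" = "$want_gid" ]; } ||
        { echo "FAIL: $dir is owned by $3:$4"; rc=1; }
    [ -z "$(ls -A "$dir")" ] || { echo "FAIL: $dir is not empty"; rc=1; }
    return $rc
}

# Constructed sample files; a real audit passes /etc/passwd and /etc/group.
t=$(mktemp -d)
printf 'sshd:x:74:74:sshd:/var/empty:/bin/false\n' > "$t/passwd"
printf 'sshd:x:74:\nusers:x:100:alice\n' > "$t/group"
check_sshd_account "$t/passwd" "$t/group" && echo "sshd account OK"
rm -rf "$t"
```

On a live host the equivalent call is `check_sshd_account /etc/passwd /etc/group && check_empty_dir /var/empty`.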