
Re: SSH stuff... (from slashdot)



On Tue, Jun 25, 2002 at 08:34:12AM -0400, Matthew Daubenspeck wrote:
> Is this true?

According to Wichert Akkerman on debian-security:

	"Actually our package contains a patch from Solar Designer to
	make privsep work on 2.2 kernels. It might still be broken on 2.0
	kernels though, but I have no concrete information on that."

Rob

> 
> -----Forward----
> The privilege separation code in OpenSSH 3.3 does not work with 2.2 Linux
> kernels.
> 
> It relies on mmap() semantics that aren't supported before kernel 2.4 (maybe
> 2.3.x). OpenSSH will configure, compile, and install successfully. It will
> start up, but it will NOT accept connections.
> 
> Your clients will get a "broken pipe" message, your syslog will get an
> "mmap: invalid parameter" message.
> 
> The solutions are:
> Upgrade to kernel 2.4 or higher.
>     
> Don't compile in Privilege Separation.
>     
> You might be able to compile privsep in and disable it, but I couldn't get
> this to work. Maybe I had a typo in my config file. I dunno.
> 
> 
> 
> I didn't see this anywhere until I dug into my syslog and then the OpenSSH
> mailing list. You have been warned.
> 
> If you do have kernel 2.4, you should read README.privsep in the openssh
> source distro, since you need to create a special directory and user/group
> for this (which also bit me in the butt...even if sshd had worked on 2.2,
> when I restarted it remotely, it didn't come back up because it didn't have
> that user...yeah, yeah, rtfm. :) )
> ----- End forwarded message -----
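
An added example, not part of the original message and not OpenSSH's own code: a small C probe for the kernel behaviour the forwarded report describes. It assumes the mmap() semantics in question are an anonymous shared mapping (MAP_ANONYMOUS | MAP_SHARED) that stays shared across fork(); `probe_shared_anon_mmap` is a hypothetical name.

```c
/* Added example (not OpenSSH code): does this kernel give a parent and
 * its forked child a shared anonymous mapping? Name is hypothetical. */
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* expose MAP_ANONYMOUS under strict -std= modes */
#endif
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns 1 if the child's write is visible to the parent, 0 if the
 * mapping was not actually shared, -1 if mmap() or fork() failed. */
int probe_shared_anon_mmap(void)
{
    static const char msg[] = "written-by-child";
    const size_t len = 4096;
    char *mem = mmap(NULL, len, PROT_READ | PROT_WRITE,
                     MAP_ANONYMOUS | MAP_SHARED, -1, 0);
    if (mem == MAP_FAILED) {
        /* Assumption: this is where an unsupported kernel would fail. */
        fprintf(stderr, "mmap: %s\n", strerror(errno));
        return -1;
    }
    memset(mem, 0, len);

    pid_t pid = fork();
    if (pid < 0) {
        munmap(mem, len);
        return -1;
    }
    if (pid == 0) {            /* child: write into the mapping and exit */
        memcpy(mem, msg, sizeof(msg));
        _exit(0);
    }
    int status = 0, shared = 0;
    if (waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        shared = (memcmp(mem, msg, sizeof(msg)) == 0);
    munmap(mem, len);
    return shared;
}

int main(void)
{
    int r = probe_shared_anon_mmap();
    printf("shared anonymous mmap: %s\n",
           r == 1 ? "works" : r == 0 ? "not shared" : "unsupported");
    return r == 1 ? 0 : 1;
}
```

Running it on the target host before upgrading sshd over a remote session shows whether the mapping is available without having to restart the daemon to find out.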


