The Boston Diaries

The ongoing saga of a programmer who doesn't live in Boston, nor does he even like Boston, but yet named his weblog/journal “The Boston Diaries.”

Go figure.

Friday, July 26, 2002

It's open source, so at least I got it working

Yet more exploits against OpenSSH according to Mark so I should upgrade. Thanks to a suggestion from Mark, I was able to get OpenSSH 3.4p1 compiled and running, with privledge separation under Linux 2.0 (technically, 2.0.36 and 2.0.39): 


#ifdef HAVE_MMAP_ANON_SHARED
#  ifdef USE_MMAP_DEV_ZERO
	{
	  int fh;

	  fh = open("/dev/zero",O_RDWR);
	  if (fh == -1)
	  	fatal("mmap(`/dev/zero'): %s",strerror(errno));
	
	  address = mmap(NULL,size,PROT_WRITE|PROT_READ,MAP_PRIVATE,fh,0);
	  if (address == MAP_FAILED)
	  	fatal("mmap(%lu,%d): %s",(u_long)size,fh,strerror(errno));
	}
#  else
 	address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
 	    -1, 0);
 	if (address == MAP_FAILED)
 		fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
#  endif
#else
 	fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
 	    __func__);

modified openssh-3.4p1/monitor_mm.c:87-109

I had to define USE_MMAP_DEV_ZERO and BROKEN_FD_PASSING in openssh-3.4p1/config.h to get this working. But working it is, thankfully.

Obligatory Picture

About Captain Napalm

Obligatory Links

Obligatory Search Form

Clusty Search

Clusty Controls

Obligatory Twitter Updates

Obligatory Miscellaneous

You have my permission to link freely to any entry here. Go ahead, I won't bite. I promise.

The dates are the permanent links to that day's entries (or entry, if there is only one entry). The titles are the permanent links to that entry only. The format for the links are simple: Start with the base link for this site: http://boston.conman.org/, then add the date you are interested in, say 2000/08/01, so that would make the final URL:

http://boston.conman.org/2000/08/01

You can also specify the entire month by leaving off the day portion. You can even select an arbitrary portion of time.

You may also note subtle shading of the links and that's intentional: the “closer” the link is (relative to the page) the “brighter” it appears. It's an experiment in using color shading to denote the distance a link is from here. If you don't notice it, don't worry; it's not all that important.

It is assumed that every brand name, slogan, corporate name, symbol, design element, et cetera mentioned in these pages is a protected and/or trademarked entity, the sole property of its owner(s), and acknowledgement of this status is implied.

Copyright © 1999-2008 by Sean Conner. All Rights Reserved.

Listed on BlogShares