Friday, July 26, 2002
It's open source, so at least I got it working
Yet more exploits against OpenSSH according to Mark, so I should upgrade. Thanks to a suggestion from Mark, I was able to get OpenSSH 3.4p1 compiled and running, with privilege separation, under Linux 2.0 (technically, 2.0.36 and 2.0.39):

    #ifdef HAVE_MMAP_ANON_SHARED
    #  ifdef USE_MMAP_DEV_ZERO
            {
              int fh;

              fh = open("/dev/zero",O_RDWR);
              if (fh == -1)
                fatal("mmap(`/dev/zero'): %s",strerror(errno));
              address = mmap(NULL,size,PROT_WRITE|PROT_READ,MAP_PRIVATE,fh,0);
              if (address == MAP_FAILED)
                fatal("mmap(%lu,%d): %s",(u_long)size,fh,strerror(errno));
            }
    #  else
            address = mmap(NULL, size, PROT_WRITE|PROT_READ, MAP_ANON|MAP_SHARED,
                -1, 0);
            if (address == MAP_FAILED)
                    fatal("mmap(%lu): %s", (u_long)size, strerror(errno));
    #  endif
    #else
            fatal("%s: UsePrivilegeSeparation=yes and Compression=yes not supported",
                __func__);
    #endif

modified openssh-3.4p1/monitor_mm.c:87-109
I had to define USE_MMAP_DEV_ZERO and BROKEN_FD_PASSING in openssh-3.4p1/config.h to get this working. But working it is, thankfully.
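
The two branches of the snippet above ask for different sharing semantics: MAP_PRIVATE on /dev/zero versus MAP_ANON|MAP_SHARED. The following is an added example, not code from the original post or from OpenSSH, that shows what each flag means for a region a forked child writes and its parent reads; `child_write_visible` is a hypothetical helper name.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: map one page of /dev/zero with the given flags
 * (MAP_PRIVATE or MAP_SHARED), let a forked child write a marker byte,
 * and return 1 if the parent sees it, 0 if not, -1 on error. */
static int child_write_visible(int flags)
{
	size_t size = (size_t)sysconf(_SC_PAGESIZE);
	unsigned char *address;
	int fh, status, seen;
	pid_t pid;

	fh = open("/dev/zero", O_RDWR);
	if (fh == -1)
		return -1;
	address = mmap(NULL, size, PROT_READ|PROT_WRITE, flags, fh, 0);
	close(fh);	/* the mapping stays valid after the descriptor is closed */
	if (address == MAP_FAILED)
		return -1;

	pid = fork();
	if (pid == 0) {		/* child: write the marker and exit */
		address[0] = 0x5a;
		_exit(0);
	}
	if (pid == -1 || waitpid(pid, &status, 0) == -1) {
		munmap(address, size);
		return -1;
	}
	seen = (address[0] == 0x5a);	/* did the child's write reach us? */
	munmap(address, size);
	return seen;
}

int main(void)
{
	printf("MAP_PRIVATE: parent sees child's write = %d\n",
	    child_write_visible(MAP_PRIVATE));
	printf("MAP_SHARED:  parent sees child's write = %d\n",
	    child_write_visible(MAP_SHARED));
	return 0;
}
```

With MAP_PRIVATE the child's write lands in its own copy-on-write page, so any code that relies on the region being shared between the two processes needs the MAP_SHARED behaviour.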