20020514
- (stevesk) [README.privsep] PAM+privsep works with Solaris 8.
+ - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to
+ match what newer style ptys have when allocated. Based on a patch by
+ Roger Cornelius <rac@tenzing.org>
+ [README.privsep] UnixWare 7 and OpenUNIX 8 work.
20020513
- (stevesk) add initial README.privsep
# groupadd sshd
# useradd -g sshd sshd
+If you are on UnixWare 7 or OpenUNIX 8 do this additional step.
+ # ln /usr/lib/.ns.so /usr/lib/ns.so.1
+
/var/empty should not contain any files.
configure supports the following options to change the default
Privsep requires operating system support for file descriptor passing
and mmap(MAP_ANON).
+OpenSSH is known to function with privsep on UnixWare 7 and OpenUNIX 8
PAM-enabled OpenSSH is known to function with privsep on Linux and
Solaris 8. It does not function on HP-UX with a trusted system
configuration. PAMAuthenticationViaKbdInt does not function with
const char *ptyminors = "0123456789abcdef";
int num_minors = strlen(ptyminors);
int num_ptys = strlen(ptymajors) * num_minors;
+ struct termios tio;
for (i = 0; i < num_ptys; i++) {
snprintf(buf, sizeof buf, "/dev/pty%c%c", ptymajors[i / num_minors],
close(*ptyfd);
return 0;
}
+ /* set tty modes to a sane state for broken clients */
+ if (tcgetattr(*ptyfd, &tio) < 0)
+ log("Getting tty modes for pty failed: %.100s", strerror(errno));
+ else {
+ tio.c_lflag |= (ECHO | ISIG | ICANON);
+ tio.c_oflag |= (OPOST | ONLCR);
+ tio.c_iflag |= ICRNL;
+
+ /* Set the new modes for the terminal. */
+ if (tcsetattr(*ptyfd, TCSANOW, &tio) < 0)
+ log("Setting tty modes for pty failed: %.100s", strerror(errno));
+ }
+
return 1;
}
return 0;