On Tue, Jun 25, 2002 at 08:34:12AM -0400, Matthew Daubenspeck wrote:
> Is this true?
According to Wichert Akkerman on debian-security:
"Actually our package contains a patch from Solar Designer to
make privsep work on 2.2 kernels. It might still be broken on 2.0
kernels though, but I have no concrete information on that."
Rob
>
> -----Forward----
> The privilege separation code in OpenSSH 3.3 does not work with 2.2 Linux
> kernels.
>
> It relies on mmap() semantics that aren't supported before kernel 2.4 (maybe
> 2.3.x). OpenSSH will configure, compile, and install successfully. It will
> start up, but it will NOT accept connections.
>
> Your clients will get a "broken pipe" message, your syslog will get an
> "mmap: invalid parameter" message.
>
> The solutions are:
> Upgrade to kernel 2.4 or higher.
>
> Don't compile in Privilege Separation.
>
> You might be able to compile privsep in and disable it, but I couldn't get
> this to work. Maybe I had a typo in my config file. I dunno.
>
>
>
> I didn't see this anywhere until I dug into my syslog and then the OpenSSH
> mailing list. You have been warned.
>
> If you do have kernel 2.4, you should read README.privsep in the openssh
> source distro, since you need to create a special directory and user/group
> for this (which also bit me in the butt...even if sshd had worked on 2.2,
> when I restarted it remotely, it didn't come back up because it didn't have
> that user...yeah, yeah, rtfm. :) )
> ----- End forwarded message -----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
