| Field | Value |
|---|---|
| Summary | UsePrivilegeSeparation fails on AIX, Couldn't set usrinfo: |
| Product | Portable OpenSSH |
| Component | sshd |
| Status | CLOSED FIXED |
| Severity | major |
| Priority | P2 |
| Version | -current |
| Hardware | PPC |
| OS | AIX |
| Reporter | Jan-Frode Myklebust <janfrode> |
| Assignee | OpenSSH Bugzilla mailing list <openssh-bugs> |
| CC | dtucker, pas50 |
| Attachments | |
OpenSSH 3.3p1 fails on AIX 5.1 with UsePrivilegeSeparation enabled. If the server is running with '-d' the client prints /etc/motd and then dies with the message:

```
Couldn't set usrinfo: Operation not permitted.
debug1: Calling cleanup 0x2002a5ec(0x20032b58)
debug1: Calling cleanup 0x2002a430(0x0)
Connection to en closed by remote host.
Connection to en closed.
```

Commenting out:

```c
if (usrinfo(SETUINFO, cp, i) == -1)
        fatal("Couldn't set usrinfo: %s", strerror(errno));
```

from openbsd-compat/port-aix.c

The man-page for usrinfo() states that: "EPERM The Command parameter is set to SETUINFO, and the calling process does not have root user authority." so I'm guessing the privilege-separated OpenSSH tries to call this as a normal user (or the sshd user?).

-jf

hmm, I lost part of a sentence there.. I meant to say that commenting out:

```c
if (usrinfo(SETUINFO, cp, i) == -1)
        fatal("Couldn't set usrinfo: %s", strerror(errno));
```

from openbsd-compat/port-aix.c makes sshd function with UsePrivilegeSeparation enabled.

Can I get a manpage for usrinfo()? I know I've seen it before but I have to see why we are doing it and what privsep stuff may have to be wrapped around it.

Created attachment 117: Manpage for AIX usrinfo(). Needed to set up proper user context for some legacy AIX applications.

The fix for this was just committed to CVS by Ben:

```
$ cvs log session.c
[snip]
revision 1.205
date: 2002/06/25 17:12:27;  author: mouring;  state: Exp;  lines: +6 -3
20020626
 - (bal) moved aix_usrinfo() and noted not setting real TTY. Patch by dtucker@zip.com.au
[snip]
```

Be aware that this will now set TTY to a null value in the system environment (use "setsenv" to view). It's possible that this will cause problems with "legacy" apps but there are no known cases at the moment.

*** Bug 270 has been marked as a duplicate of this bug. ***

Mass change of RESOLVED bugs to CLOSED
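As an added example (not OpenSSH's or AIX's own code) of the two points this thread turns on: building the buffer that usrinfo(SETUINFO) takes, in the NUL-separated form the AIX manpage specifies, and checking for root authority before the call, so a privilege-separated server does it before dropping privileges instead of dying with EPERM in the unprivileged child. The key names LOGNAME/NAME/LOGIN/TTY are an assumption modeled on aix_usrinfo(); off AIX the real call is compiled out.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#ifdef _AIX
#include <uinfo.h>      /* usrinfo(), SETUINFO */
#endif

/* Build a usrinfo(SETUINFO) buffer: "name=value" entries separated by NUL and
 * terminated by a second NUL (AIX manpage format).  The key set is an
 * assumption modeled on aix_usrinfo(); an empty tty yields the "TTY=" null
 * value mentioned in the thread.  Returns the byte count to pass as
 * usrinfo()'s third argument, or 0 if buf is too small. */
size_t build_usrinfo(char *buf, size_t cap, const char *user, const char *tty)
{
    int n = snprintf(buf, cap, "LOGNAME=%s%cNAME=%s%cLOGIN=%s%cTTY=%s%c",
                     user, 0, user, 0, user, 0, tty ? tty : "", 0);
    if (n < 0 || (size_t)n + 1 > cap)
        return 0;
    buf[n] = '\0';                          /* closing double NUL */
    return (size_t)n + 1;
}

/* Check helper: look up key in a built buffer; returns its value or NULL. */
const char *usrinfo_get(const char *buf, size_t len, const char *key)
{
    size_t klen = strlen(key), off = 0;
    while (off < len && buf[off] != '\0') {
        const char *e = buf + off, *z = memchr(e, '\0', len - off);
        size_t elen = z ? (size_t)(z - e) : len - off;
        if (elen > klen && memcmp(e, key, klen) == 0 && e[klen] == '=')
            return e + klen + 1;
        off += elen + 1;
    }
    return NULL;
}

/* usrinfo(SETUINFO) needs root authority, so a privilege-separated sshd must
 * call it before dropping privileges.  Fail early with EPERM here instead of
 * hitting fatal() in the unprivileged child.  0 on success, -1 on error. */
int set_user_context(const char *buf, size_t len)
{
    if (geteuid() != 0) { errno = EPERM; return -1; }
#ifdef _AIX
    return usrinfo(SETUINFO, (char *)buf, (int)len);
#else
    (void)buf; (void)len;
    return 0;                               /* nothing to set off AIX */
#endif
}
```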