On 15 Apr 2000, Philip Hands wrote:
Attached is the diff that I have applied so far. Executive summary:
- You can set the SSH_PAM_SERVICE thru CFLAGS
- use vhangup in pty.c
- use '+' in ssh-agent getopt
> > 3. Why the excision of the BUF code in scp.c?
>
> http://cgi.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=53697
Forgive my ignorance, but why should writes larger than PIPE_BUF
size cause failures? Is it a problem with atomicity?
In any case, I won't merge the removal of all the buffer code as a
solution - I would rather add a hack to the allocation routine.
Keeping the diff size down is good for quality as well as my own
sanity. The OpenBSD team do a great job of auditing and cleaning up
the code, I don't want to go fudging that up :)
> > 4. I would prefer the shadow password checking to occur during
> > password auth - I consider the other forms of auth to be totally
> > separate, but I can see your reasoning.
>
> Yeah, it's a shame that we need to mix them up, but without this you
> don't get account expiry, locked accounts etc. which leaves ssh as a
> loophole.
>
> > If you move this code to a separate function in auth-passwd.c which
> > could be called before or during password auth I will include it.
>
> OK.
You should grab a copy of the test release at
http://violet.ibs.com.au/openssh/files/test/ It tracks a few large
changes to the OpenBSD tree, including the splitting of auth code into
a separate file.
> BTW you might want to quickly scan the (embarrassingly vast) list of
> bugs reported against Debian ssh:
>
> http://www.debian.org/Bugs/db/pa/lssh.html
>
> I've been rather busy with the day job lately, so have not been doing
> much about these. At first glance, many of them are pretty valid
> upstream problems, so if you want to deal with some of them direct,
> mail me the numbers and I'll mark them as forwarded (so we don't end
> up duplicating effort).
I too have been pretty busy with Other Things, but I will try to look
at these as time permits. It would be appreciated if you could forward
any particularly pernicious bugs to me direct, esp any security
problems.
-d
--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
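
Added example (not part of the original message and not OpenSSH code): one way the account check discussed in point 4 could live in a separate function that every authentication path calls, so key-based logins also honour account expiry, password ageing and locked entries. The names shadow_acct_status and account_login_allowed are hypothetical, the '!' lock prefix follows the Linux shadow-utils convention, and the caller is assumed to run as root so getspnam() can read the shadow file.

```c
#include <shadow.h>
#include <stdio.h>
#include <time.h>

#define SECS_PER_DAY 86400L

enum acct_status { ACCT_OK, ACCT_LOCKED, ACCT_EXPIRED, ACCT_PW_STALE };

/* Pure check on one shadow entry; `today` is days since 1970-01-01.
 * Hypothetical helper, written for illustration only. */
enum acct_status shadow_acct_status(const struct spwd *sp, long today)
{
    if (sp == NULL)
        return ACCT_OK;   /* assumption: caller is root, so NULL = no shadow entry */
    /* `passwd -l` on Linux shadow-utils prefixes the hash with '!' */
    if (sp->sp_pwdp != NULL && sp->sp_pwdp[0] == '!')
        return ACCT_LOCKED;
    /* sp_expire: absolute day the account is disabled, -1 = never */
    if (sp->sp_expire >= 0 && today >= sp->sp_expire)
        return ACCT_EXPIRED;
    /* password older than max age plus the inactivity grace period */
    if (sp->sp_lstchg > 0 && sp->sp_max >= 0 && sp->sp_inact >= 0 &&
        today > sp->sp_lstchg + sp->sp_max + sp->sp_inact)
        return ACCT_PW_STALE;
    return ACCT_OK;
}

/* Wrapper to call before accepting ANY auth method (password, RSA, rhosts),
 * so that non-password logins do not bypass the account state. */
int account_login_allowed(const char *user)
{
    const struct spwd *sp = getspnam(user);
    long today = (long)(time(NULL) / SECS_PER_DAY);
    return shadow_acct_status(sp, today) == ACCT_OK;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "root";
    printf("%s: %s\n", user,
           account_login_allowed(user) ? "login allowed" : "login refused");
    return 0;
}
```

Keeping the decision in a function that takes the entry and the day as arguments lets it be tested without touching the real shadow file.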