diff options
author | Tim Rice <tim@multitalents.net> | 2002-05-13 17:07:18 -0700 |
---|---|---|
committer | Tim Rice <tim@multitalents.net> | 2002-05-13 17:07:18 -0700 |
commit | 1e28c9e6bad1bd601606b6a6a3d6aa4ca441d21d (patch) | |
tree | 57a9a87316afb218a5a630bdd5174b24088ae34a | |
parent | f8defa2327a1ff265e7b4229e3adc97fc9f82594 (diff) | |
download | openssh-git-1e28c9e6bad1bd601606b6a6a3d6aa4ca441d21d.tar.gz |
20020514
[sshpty.c] set tty modes when allocating old style bsd ptys to
match what newer style ptys have when allocated. Based on a patch by
Roger Cornelius <rac@tenzing.org>
[README.privsep] UnixWare 7 and OpenUNIX 8 work.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | README.privsep | 6 | ||||
-rw-r--r-- | sshpty.c | 14 |
3 files changed, 24 insertions, 2 deletions
@@ -1,5 +1,9 @@ 20020514 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. + - (tim) [sshpty.c] set tty modes when allocating old style bsd ptys to + match what newer style ptys have when allocated. Based on a patch by + Roger Cornelius <rac@tenzing.org> + [README.privsep] UnixWare 7 and OpenUNIX 8 work. 20020513 - (stevesk) add initial README.privsep @@ -582,4 +586,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2115 2002/05/13 23:31:09 stevesk Exp $ +$Id: ChangeLog,v 1.2116 2002/05/14 00:07:18 tim Exp $ diff --git a/README.privsep b/README.privsep index 51a4e3f6..aed43acd 100644 --- a/README.privsep +++ b/README.privsep @@ -20,6 +20,9 @@ prepare the privsep preauth environment: # groupadd sshd # useradd -g sshd sshd +If you are on UnixWare 7 or OpenUNIX 8 do this additional step. + # ln /usr/lib/.ns.so /usr/lib/ns.so.1 + /var/empty should not contain any files. configure supports the following options to change the default @@ -31,6 +34,7 @@ privsep user and chroot directory: Privsep requires operating system support for file descriptor passing and mmap(MAP_ANON). +OpenSSH is known to function with privsep on UnixWare 7 and OpenUNIX 8 PAM-enabled OpenSSH is known to function with privsep on Linux and Solaris 8. It does not function on HP-UX with a trusted system configuration. PAMAuthenticationViaKbdInt does not function with @@ -51,4 +55,4 @@ process 1005 is the sshd process listening for new connections. process 6917 is the privileged monitor process, 6919 is the user owned sshd process and 6921 is the shell process. -$Id: README.privsep,v 1.2 2002/05/13 23:31:10 stevesk Exp $ +$Id: README.privsep,v 1.3 2002/05/14 00:07:18 tim Exp $ @@ -199,6 +199,7 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) const char *ptyminors = "0123456789abcdef"; int num_minors = strlen(ptyminors); int num_ptys = strlen(ptymajors) * num_minors; + struct termios tio; for (i = 0; i < num_ptys; i++) { snprintf(buf, sizeof buf, "/dev/pty%c%c", ptymajors[i / num_minors], @@ -223,6 +224,19 @@ pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, int namebuflen) close(*ptyfd); return 0; } + /* set tty modes to a sane state for broken clients */ + if (tcgetattr(*ptyfd, &tio) < 0) + log("Getting tty modes for pty failed: %.100s", strerror(errno)); + else { + tio.c_lflag |= (ECHO | ISIG | ICANON); + tio.c_oflag |= (OPOST | ONLCR); + tio.c_iflag |= ICRNL; + + /* Set the new modes for the terminal. */ + if (tcsetattr(*ptyfd, TCSANOW, &tio) < 0) + log("Setting tty modes for pty failed: %.100s", strerror(errno)); + } + return 1; } return 0; |