forked from rpms/openssh
- enable the subprocess in chroot to send messages to system log
- sshd should prevent login if audit call fails
This commit is contained in:
parent
b5e849f024
commit
e01ed66930
53
openssh-3.9p1-log-in-chroot.patch
Normal file
53
openssh-3.9p1-log-in-chroot.patch
Normal file
@ -0,0 +1,53 @@
|
||||
--- openssh-3.9p1/log.h.log-chroot 2006-02-22 10:54:04.000000000 +0100
|
||||
+++ openssh-3.9p1/log.h 2006-02-22 10:53:29.000000000 +0100
|
||||
@@ -63,4 +63,6 @@
|
||||
|
||||
void do_log(LogLevel, const char *, va_list);
|
||||
void cleanup_exit(int) __dead;
|
||||
+
|
||||
+void open_log(void);
|
||||
#endif
|
||||
--- openssh-3.9p1/log.c.log-chroot 2006-02-22 13:29:48.000000000 +0100
|
||||
+++ openssh-3.9p1/log.c 2006-02-22 10:56:01.000000000 +0100
|
||||
@@ -48,6 +48,7 @@
|
||||
static int log_on_stderr = 1;
|
||||
static int log_facility = LOG_AUTH;
|
||||
static char *argv0;
|
||||
+static int log_fd_keep;
|
||||
|
||||
extern char *__progname;
|
||||
|
||||
@@ -330,9 +331,20 @@
|
||||
syslog_r(pri, &sdata, "%.500s", fmtbuf);
|
||||
closelog_r(&sdata);
|
||||
#else
|
||||
+ if (!log_fd_keep) {
|
||||
openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
|
||||
+ }
|
||||
syslog(pri, "%.500s", fmtbuf);
|
||||
+ if (!log_fd_keep) {
|
||||
closelog();
|
||||
+ }
|
||||
#endif
|
||||
}
|
||||
}
|
||||
+
|
||||
+void
|
||||
+open_log(void)
|
||||
+{
|
||||
+ openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
|
||||
+ log_fd_keep = 1;
|
||||
+}
|
||||
--- openssh-3.9p1/sshd.c.log-chroot 2006-01-11 13:42:32.000000000 +0100
|
||||
+++ openssh-3.9p1/sshd.c 2006-02-22 18:58:24.000000000 +0100
|
||||
@@ -565,6 +565,10 @@
|
||||
memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
|
||||
endpwent();
|
||||
|
||||
+ /* Open the syslog permanently so the chrooted process still
|
||||
+ can write to syslog. */
|
||||
+ open_log();
|
||||
+
|
||||
/* Change our root directory */
|
||||
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
|
||||
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
|
12
openssh.spec
12
openssh.spec
@ -58,7 +58,7 @@
|
||||
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
|
||||
Name: openssh
|
||||
Version: 4.3p2
|
||||
%define rel 2
|
||||
%define rel 3
|
||||
%if %{rescue}
|
||||
%define %{rel}rescue
|
||||
%else
|
||||
@ -84,7 +84,8 @@ Patch22: openssh-3.9p1-askpass-keep-above.patch
|
||||
Patch23: openssh-3.9p1-no-log-signal.patch
|
||||
Patch24: openssh-4.3p1-fromto-remote.patch
|
||||
Patch25: openssh-4.3p2-scp-print-err.patch
|
||||
Patch27: openssh-4.2p1-pam-no-stack.patch
|
||||
Patch26: openssh-4.2p1-pam-no-stack.patch
|
||||
Patch27: openssh-3.9p1-log-in-chroot.patch
|
||||
Patch30: openssh-4.0p1-exit-deadlock.patch
|
||||
Patch31: openssh-3.9p1-skip-used.patch
|
||||
Patch35: openssh-4.2p1-askpass-progress.patch
|
||||
@ -207,7 +208,8 @@ an X11 passphrase dialog for OpenSSH.
|
||||
%patch23 -p1 -b .signal
|
||||
%patch24 -p1 -b .fromto-remote
|
||||
%patch25 -p1 -b .print-err
|
||||
%patch27 -p1 -b .stack
|
||||
%patch26 -p1 -b .stack
|
||||
%patch27 -p1 -b .log-chroot
|
||||
%patch30 -p1 -b .exit-deadlock
|
||||
%patch31 -p1 -b .skip-used
|
||||
%patch35 -p1 -b .progress
|
||||
@ -452,6 +454,10 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Feb 24 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-3
|
||||
- enable the subprocess in chroot to send messages to system log
|
||||
- sshd should prevent login if audit call fails
|
||||
|
||||
* Tue Feb 21 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-2
|
||||
- print error from scp if not remote (patch by Bjorn Augustsson #178923)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user