From: Chris Jones (chriscjones.org)
Date: Wed Feb 14 2001 - 11:26:32 CST

    itojuniijlab.net writes:

    > >If there are new features (or especially bug fixes) in pkgsrc openssh
    > >(2.3) that aren't in 1.5's openssh (2.2), then we should make sure
    > >that pkgsrc openssh can install on a 1.5 system.
    >
    > (i think i have written a similar item a couple of times)

    :)

    > current situation is like this:
    >
    > current: 2.3.2 as of 2/14
    > 1.5: 2.2.0 with patch against razor advisory
    > pkgsrc/security/openssh: portable openssh 2.3.0p1
    > pkgsrc/security/ssh: ssh.com ssh 1.2.27 + patch against razor advisory

    Thanks for the clarification.

    > i've requested a pullup from current to 1.5 branch.

    But that won't help people who are running 1.5 and not tracking the
    release branch.

    > >If there are no such new features, then pkgsrc openssh should refuse
    > >to install on a 1.5 system, and it should give a clear explanation of
    > >why, to avoid confusion.
    >
    > i'm not sure about this. pkgsrc/security/openssh uses portable openssh
    > distribution. usr.bin/ssh uses non-portable (original from openbsd).
    > i can think of people who want to install pkgsrc version for some
    > reason.

    ...and right now, they can't; it installs, but it fails to run on a
    stock 1.5 system.

    The thing is, I'm not sure what to do about it. However, since nobody
    else has made any suggestions, here's what I propose:

    1. On the 1.5 (and possibly -current) branch, make login_getclass(3)
        synthesize a "default" entry if /etc/login.conf doesn't exist or
        is empty. Possibly (on the -current branch) also syslog a warning
        in this case. Alter the man page to document this behavior.

    2. In pkgsrc, make openssh continue to work if login_getclass(3)
        returns NULL. Add this as a patch in the patches directory.
        Should this patch get submitted back to the OpenSSH folks?

    I'll be happy to do this, but I want to throw this out for public
    review beforehand.

    Chris

    -- 
    ----------------------------------------------------- chriscjones.org
    Chris Jones                                           Mad scientist at large
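
A minimal C model of the two-part proposal in the message above, added here as an illustration; it is not code from the post, NetBSD, or OpenSSH. The names `class_entry`, `getclass_model` and `effective_class` are hypothetical stand-ins, and the line-prefix lookup is a simplifying assumption about the file format.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>

/* Hypothetical stand-in for login_cap_t; not the NetBSD structure. */
struct class_entry { char name[32]; int synthesized; /* 1 = no usable database */ };
/* Usable: exists, is a regular file, and is not empty. */
static int db_usable(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 && S_ISREG(st.st_mode) && st.st_size > 0;
}
/* Simplified lookup (assumption): a record starts a line as "name:" or "name|". */
static int db_has_class(const char *path, const char *name) {
    char line[256];
    size_t n = strlen(name);
    int found = 0;
    FILE *fp = fopen(path, "r");
    if (fp == NULL) return 0;
    while (!found && fgets(line, sizeof line, fp) != NULL)
        found = strncmp(line, name, n) == 0 && (line[n] == ':' || line[n] == '|');
    fclose(fp);
    return found;
}

/* Item 1: a missing or empty database yields a synthesized "default"
 * entry plus a warning (stderr here, syslog in the proposal), not NULL. */
struct class_entry *getclass_model(const char *path, const char *name) {
    int usable = db_usable(path);
    if (usable && !db_has_class(path, name))
        return NULL; /* database is fine; the class really is unknown */
    struct class_entry *e = calloc(1, sizeof *e);
    if (e == NULL) return NULL;
    e->synthesized = !usable;
    snprintf(e->name, sizeof e->name, "%s", usable ? name : "default");
    if (!usable)
        fprintf(stderr, "warning: %s missing or empty, using built-in default\n", path);
    return e;
}
/* Item 2: the caller keeps working when the lookup still returns NULL. */
const char *effective_class(const struct class_entry *e) {
    return e != NULL ? e->name : "default";
}

int main(void) {
    struct class_entry *e = getclass_model("./no-such-login.conf", "staff"); /* constructed path */
    printf("class=%s synthesized=%d\n", effective_class(e), e ? e->synthesized : 0);
    free(e);
    return 0;
}
```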