Subject: Re: openssh and login_cap(3)
To: None <itojun@iijlab.net>
From: Chris Jones <chris@cjones.org>
List: tech-security
Date: 02/14/2001 10:26:32
itojun@iijlab.net writes:
> >If there are new features (or especially bug fixes) in pkgsrc openssh
> >(2.3) that aren't in 1.5's openssh (2.2), then we should make sure
> >that pkgsrc openssh can install on a 1.5 system.
>
> (i think i have wrote similar item couple of times)
:)
> current situation is like this:
>
> current: 2.3.2 as of 2/14
> 1.5: 2.2.0 with patch against razor advisory
> pkgsrc/security/openssh: portable openssh 2.3.0p1
> pkgsrc/security/ssh: ssh.com ssh 1.2.27 + patch against razor advisory
Thanks for the clarification.
> i've requested a pullup from current to 1.5 branch.
But that won't help people who are running 1.5 and not tracking the
release branch.
> >If there are no such new features, then pkgsrc openssh should refuse
> >to install on a 1.5 system, and it should give a clear explanation of
> >why, to avoid confusion.
>
> i'm not sure about this. pkgsrc/security/openssh uses portable openssh
> distribution. usr.bin/ssh uses non-portable (original from openbsd).
> i can think of people who wants to install pkgsrc version for some
> reason.
...and right now, they can't; it installs, but it fails to run on a
stock 1.5 system.
The thing is, I'm not sure what to do about it. However, since nobody
else has made any suggestions, here's what I propose:
1. On the 1.5 (and possibly -current) branch, make login_getclass(3)
synthesize a "default" entry if /etc/login.conf doesn't exist or
is empty. Possibly (on the -current branch) also syslog a warning
in this case. Alter the man page to document this behavior.
2. In pkgsrc, make openssh continue to work if login_getclass(3)
returns NULL. Add this as a patch in the patches directory.
Should this patch get submitted back to the OpenSSH folks?
I'll be happy to do this, but I want to throw this out for public
review beforehand.
Chris
--
----------------------------------------------------- chris@cjones.org
Chris Jones Mad scientist at large