From bb5eb00d2d90f9d9ff17c7d4392927cd1c07d507 Mon Sep 17 00:00:00 2001 From: Jan F Date: Wed, 24 Nov 2010 07:49:04 +0100 Subject: [PATCH] - properly restore euid in case connect to the ssh-agent socket fails --- openssh.spec | 6 ++- pam_ssh_agent_auth-0.9.2-seteuid.patch | 53 +++++++++++++------------- 2 files changed, 31 insertions(+), 28 deletions(-) diff --git a/openssh.spec b/openssh.spec index 586cf2d..8fe2dcb 100644 --- a/openssh.spec +++ b/openssh.spec @@ -73,7 +73,7 @@ %define openssh_ver 5.6p1 %define openssh_rel 19 %define pam_ssh_agent_ver 0.9.2 -%define pam_ssh_agent_rel 28 +%define pam_ssh_agent_rel 29 Summary: An open source implementation of SSH protocol versions 1 and 2 Name: openssh @@ -591,9 +591,11 @@ fi %endif %changelog +* Wed Nov 24 2010 Jan F. Chadima - 5.6p1-19 + 0.9.2-29 +- properly restore euid in case connect to the ssh-agent socket fails + * Mon Nov 22 2010 Jan F. Chadima - 5.6p1-19 + 0.9.2-28 - striped read permissions from suid and sgid binaries -- properly restore euid in case connect to the ssh-agent socket fails * Mon Nov 15 2010 Jan F. Chadima - 5.6p1-18 + 0.9.2-27 - used upstream version of the biguid patch diff --git a/pam_ssh_agent_auth-0.9.2-seteuid.patch b/pam_ssh_agent_auth-0.9.2-seteuid.patch index 0c56a4a..b7f12a4 100644 --- a/pam_ssh_agent_auth-0.9.2-seteuid.patch +++ b/pam_ssh_agent_auth-0.9.2-seteuid.patch @@ -1,26 +1,27 @@ -diff -up pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c ---- pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid 2010-09-08 08:54:29.000000000 +0200 -+++ pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c 2010-11-22 08:38:05.000000000 +0100 -@@ -131,13 +131,17 @@ ssh_get_authentication_socket_for_uid(ui - } - - errno = 0; -- seteuid(uid); /* To ensure a race condition is not used to circumvent the stat -- above, we will temporarily drop UID to the caller */ -+ /* To ensure a race condition is not used to circumvent the stat -+ above, we will temporarily drop UID to the caller */ -+ if (seteuid(uid) == -1) { -+ error("seteuid(%lu) failed", (unsigned long) uid); -+ return -1; -+ } - if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) { - close(sock); -- if(errno == EACCES) -- fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid); -- return -1; -+ sock = -1; -+ if(errno == EACCES) -+ fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid); - } - - seteuid(0); /* we now continue the regularly scheduled programming */ +diff -up pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c +--- pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid 2010-09-08 08:54:29.000000000 +0200 ++++ pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c 2010-11-22 08:38:05.000000000 +0100 +@@ -131,13 +131,18 @@ ssh_get_authentication_socket_for_uid(ui + } + + errno = 0; +- seteuid(uid); /* To ensure a race condition is not used to circumvent the stat +- above, we will temporarily drop UID to the caller */ ++ /* To ensure a race condition is not used to circumvent the stat ++ above, we will temporarily drop UID to the caller */ ++ if (seteuid(uid) == -1) { ++ close(sock); ++ error("seteuid(%lu) failed", (unsigned long) uid); ++ return -1; ++ } + if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) { + close(sock); +- if(errno == EACCES) +- fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid); +- return -1; ++ sock = -1; ++ if(errno == EACCES) ++ fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid); + } + + seteuid(0); /* we now continue the regularly scheduled programming */