rpms
/
openssh
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- striped read permissions from suid and sgid binaries 

- properly restore euid in case connect to the ssh-agent socket fails
This commit is contained in:
Jan F. Chadima 2010-10-10 05:43:12 +02:00
parent 7c53d7e5af
commit d2ed53bfc6
2 changed files with 36 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
openssh.spec
View File

@ -71,9 +71,9 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.6p1
%define openssh_rel 18
%define openssh_rel 19
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 27
%define pam_ssh_agent_rel 28
Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
@ -101,6 +101,7 @@ Patch3: openssh-5.6p1-audit3.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
Patch5: openssh-5.2p1-vendor.patch
Patch10: pam_ssh_agent_auth-0.9-build.patch
Patch11: pam_ssh_agent_auth-0.9.2-seteuid.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Patch12: openssh-5.4p1-selinux.patch
Patch13: openssh-5.6p1-mls.patch
@ -277,6 +278,7 @@ The module is most useful for su and sudo service stacks.
%if %{pam_ssh_agent}
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
%patch10 -p1 -b .psaa-build
%patch11 -p1 -b .psaa-seteuid
# Remove duplicate headers
rm -f $(cat %{SOURCE5})
popd
@ -513,7 +515,7 @@ fi
%attr(0755,root,root) %{_bindir}/ssh-keygen
%attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
%attr(0755,root,root) %dir %{_libexecdir}/openssh
%attr(4755,root,root) %{_libexecdir}/openssh/ssh-keysign
%attr(4111,root,root) %{_libexecdir}/openssh/ssh-keysign
%attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
%endif
%if %{scard}
@ -533,7 +535,7 @@ fi
%attr(0644,root,root) %{_mandir}/man1/slogin.1*
%attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
%if ! %{rescue}
%attr(2755,root,nobody) %{_bindir}/ssh-agent
%attr(2111,root,nobody) %{_bindir}/ssh-agent
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/ssh-keyscan
%attr(0755,root,root) %{_bindir}/sftp
@ -589,6 +591,10 @@ fi
%endif
%changelog
* Mon Nov 22 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-19 + 0.9.2-28
- striped read permissions from suid and sgid binaries
- properly restore euid in case connect to the ssh-agent socket fails
* Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-18 + 0.9.2-27
- used upstream version of the biguid patch

26
pam_ssh_agent_auth-0.9.2-seteuid.patch Normal file
View File

@ -0,0 +1,26 @@
diff -up pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c
--- pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid 2010-09-08 08:54:29.000000000 +0200
+++ pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c 2010-11-22 08:38:05.000000000 +0100
@@ -131,13 +131,17 @@ ssh_get_authentication_socket_for_uid(ui
}
errno = 0;
- seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
- above, we will temporarily drop UID to the caller */
+ /* To ensure a race condition is not used to circumvent the stat
+ above, we will temporarily drop UID to the caller */
+ if (seteuid(uid) == -1) {
+ error("seteuid(%lu) failed", (unsigned long) uid);
+ return -1;
+ }
if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
close(sock);
- if(errno == EACCES)
- fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
- return -1;
+ sock = -1;
+ if(errno == EACCES)
+ fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
}
seteuid(0); /* we now continue the regularly scheduled programming */