diff --git a/openssh.spec b/openssh.spec
index b5da65f..586cf2d 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -71,9 +71,9 @@
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.6p1
-%define openssh_rel 18
+%define openssh_rel 19
 %define pam_ssh_agent_ver 0.9.2
-%define pam_ssh_agent_rel 27
+%define pam_ssh_agent_rel 28
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
@@ -101,6 +101,7 @@ Patch3: openssh-5.6p1-audit3.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1640
 Patch5: openssh-5.2p1-vendor.patch
 Patch10: pam_ssh_agent_auth-0.9-build.patch
+Patch11: pam_ssh_agent_auth-0.9.2-seteuid.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1641
 Patch12: openssh-5.4p1-selinux.patch
 Patch13: openssh-5.6p1-mls.patch
@@ -277,6 +278,7 @@ The module is most useful for su and sudo service stacks.
 %if %{pam_ssh_agent}
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 %patch10 -p1 -b .psaa-build
+%patch11 -p1 -b .psaa-seteuid
 # Remove duplicate headers
 rm -f $(cat %{SOURCE5})
 popd
@@ -513,7 +515,7 @@ fi
 %attr(0755,root,root) %{_bindir}/ssh-keygen
 %attr(0644,root,root) %{_mandir}/man1/ssh-keygen.1*
 %attr(0755,root,root) %dir %{_libexecdir}/openssh
-%attr(4755,root,root) %{_libexecdir}/openssh/ssh-keysign
+%attr(4111,root,root) %{_libexecdir}/openssh/ssh-keysign
 %attr(0644,root,root) %{_mandir}/man8/ssh-keysign.8*
 %endif
 %if %{scard}
@@ -533,7 +535,7 @@ fi
 %attr(0644,root,root) %{_mandir}/man1/slogin.1*
 %attr(0644,root,root) %{_mandir}/man5/ssh_config.5*
 %if ! %{rescue}
-%attr(2755,root,nobody) %{_bindir}/ssh-agent
+%attr(2111,root,nobody) %{_bindir}/ssh-agent
 %attr(0755,root,root) %{_bindir}/ssh-add
 %attr(0755,root,root) %{_bindir}/ssh-keyscan
 %attr(0755,root,root) %{_bindir}/sftp
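Review bot: The new `%attr(4111,root,root)` entry for ssh-keysign carries no comment saying why the read bits are removed, and the same holds for `%attr(2111,root,nobody)` on ssh-agent in the following hunk. A line such as `# setuid/setgid binaries are execute-only on purpose; do not restore the read bits` above each entry would keep a later packager from putting the mode back to 4755/2755. It is also worth confirming that anything which reads these two files without root privileges (integrity checkers, debuginfo tooling) still works once they are unreadable.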
@@ -589,6 +591,10 @@ fi
 %endif
 %changelog
+* Mon Nov 22 2010 Jan F. Chadima - 5.6p1-19 + 0.9.2-28
+- striped read permissions from suid and sgid binaries
+- properly restore euid in case connect to the ssh-agent socket fails
+
 * Mon Nov 15 2010 Jan F. Chadima - 5.6p1-18 + 0.9.2-27
 - used upstream version of the biguid patch
diff --git a/pam_ssh_agent_auth-0.9.2-seteuid.patch b/pam_ssh_agent_auth-0.9.2-seteuid.patch
new file mode 100644
index 0000000..0c56a4a
--- /dev/null
+++ b/pam_ssh_agent_auth-0.9.2-seteuid.patch
@@ -0,0 +1,26 @@
+diff -up pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c
+--- pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid 2010-09-08 08:54:29.000000000 +0200
++++ pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c 2010-11-22 08:38:05.000000000 +0100
+@@ -131,13 +131,17 @@ ssh_get_authentication_socket_for_uid(ui
+ }
+
+ errno = 0;
+- seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
+- above, we will temporarily drop UID to the caller */
++ /* To ensure a race condition is not used to circumvent the stat
++ above, we will temporarily drop UID to the caller */
++ if (seteuid(uid) == -1) {
++ error("seteuid(%lu) failed", (unsigned long) uid);
++ return -1;
++ }
+ if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
+ close(sock);
+- if(errno == EACCES)
+- fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
+- return -1;
++ sock = -1;
++ if(errno == EACCES)
++ fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
+ }
+
+ seteuid(0); /* we now continue the regularly scheduled programming */
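Review bot: The new early return after a failed `seteuid(uid)` exits without closing `sock`, which the `connect(sock, ...)` and `close(sock)` lines below suggest is already an open descriptor at that point; adding `close(sock);` before `return -1;` would avoid leaking it into the calling process. In the connect() failure branch, `errno` is still read after `close(sock)`, so the EACCES test may see a value that close() altered; copying errno into a local before the close and testing that copy keeps the check reliable. The closing `seteuid(0);` remains unchecked, so a failure to restore the effective uid would pass silently, and checking it the same way as the first call would make the two consistent. The function begins and ends outside this hunk, so how `sock = -1` is returned to the caller is not visible here.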