
Bug#115182: marked as done (openssh: fix for #105854 should be reworked)



Your message dated Sun, 7 Mar 2004 10:53:57 +0000
with message-id <20040307105357.GA31513@riva.ucam.org>
and subject line openssh: fix for #105854 should be reworked
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 10 Oct 2001 19:52:49 +0000
>From Sergio.Gelato@astro.su.se Wed Oct 10 14:52:49 2001
Return-path: <Sergio.Gelato@astro.su.se>
Received: from as.astro.su.se [130.237.166.29] 
	by master.debian.org with smtp (Exim 3.12 1 (Debian))
	id 15rPPM-0001MA-00; Wed, 10 Oct 2001 14:52:49 -0500
Received: (qmail 15798 invoked by alias); 10 Oct 2001 19:52:45 -0000
Received: (qmail 15791 invoked from network); 10 Oct 2001 19:52:44 -0000
Received: from hermes.astro.su.se (user77854@130.237.166.67)
  by as.astro.su.se with SMTP; 10 Oct 2001 19:52:44 -0000
Received: by hermes.astro.su.se (Postfix, from userid 350)
	id 0C4EB18804; Wed, 10 Oct 2001 21:52:44 +0200 (CEST)
Date: Wed, 10 Oct 2001 21:52:43 +0200
From: Sergio Gelato <Sergio.Gelato@astro.su.se>
To: submit@bugs.debian.org
Subject: openssh: fix for #105854 should be reworked
Message-ID: <20011010215243.A27378@hermes>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Delivered-To: submit@bugs.debian.org

Package: ssh
Version: 1:2.9p2-6
Severity: normal

In trying to carry over the Debian 1:2.9p2-6 patches to OpenSSH to the new
upstream version (2.9.9p2), I found that the fix for Bug #105854 is causing
trouble. That bug number has been reassigned to rlinetd, so I'm opening a
new one.

The immediate problem with the previous fix is that it made uidswap.c 
dependent on some global variables that exist in ssh but not in sshd, 
and the new upstream needs to link uidswap.o into sshd as well, causing
symbol resolution errors at link time.

I have devised a much simpler (and smaller) fix for the original "bug",
one that makes better use of existing infrastructure in uidswap.c.
Here it is:

--- openssh-2.9.9p2.orig/uidswap.c
+++ openssh-2.9.9p2/uidswap.c
@@ -36,7 +36,7 @@
 #endif
 
 /* Saved effective uid. */
-static int     privileged = 0;
+static int     privileged = -1;
 static int     temporarily_use_uid_effective = 0;
 static gid_t   saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];
 static int     saved_egroupslen = -1, user_groupslen = -1;
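Review bot: the initialiser change to `static int     privileged = -1;` is only a fail-safe because the guard added in the next hunk tests `privileged` for non-zero, so -1 reads as "privileged" and forces the setgid() attempt; say so in a comment next to the variable, and fix the stale `/* Saved effective uid. */` comment above it, which describes the variable as a saved uid rather than as a flag that is set explicitly at run time.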
@@ -147,7 +147,7 @@
 {
        if (temporarily_use_uid_effective)
                fatal("restore_uid: temporarily_use_uid effective");
-       if (setgid(pw->pw_gid) < 0)
+       if (privileged && setgid(pw->pw_gid) < 0)
                fatal("setgid %u: %.100s", (u_int) pw->pw_gid, strerror(errno));
        if (setuid(pw->pw_uid) < 0)
                fatal("setuid %u: %.100s", (u_int) pw->pw_uid, strerror(errno));
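Review bot: the new guard skips setgid() whenever `privileged` is zero, but the following `setuid(pw->pw_uid)` stays unconditional and nothing verifies the resulting ids; add a comment recording why the asymmetry is safe (an unprivileged process cannot change its gid, and setuid() to its own uid is a no-op), and consider checking getgid()/getegid() and getuid()/geteuid() against pw after the calls, since a setgid() that is skipped because the flag was left at zero is exactly the failure the original unconditional fatal() would have surfaced.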

The first hunk is actually optional (the "privileged" variable is explicitly
initialised at run time), but still prudent (avoids a security hole should
some future patch cause the explicit initialisation to be bypassed).

The patches to readconf.c, readconf.h, ssh.c introducing the "runningnotsetuid"
"option" are now unnecessary and should be dropped.

An alternative (and arguably better, except it implies a slight change of
semantics from the upstream version) fix might be to add a
	pw->pw_gid = getgid();
immediately after the
	ps = pwcopy(pw);
line in ssh.c. Then the setgid() call in uidswap.c will try to switch to
the process's original rgid (this should always succeed) rather than to
the original ruid's primary gid.

Email me if you want my *whole* openssh-2.9.9p2-1.diff.gz. It's still
experimental...

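An added example, not code from the bug report or from OpenSSH: a restore_uid()-style privilege drop that applies the guard from the patch above (skip setgid() when not privileged), keeps the -1 "not yet initialised" sentinel so an uninitialised flag still attempts the setgid(), and then verifies the resulting ids rather than trusting the setgid()/setuid() return values alone. It assumes, as a simplification, that "privileged" is derived from geteuid() == 0; the function and enum names are mine.

```c
/*
 * Added example (not OpenSSH code): restore_uid()-style drop with the
 * guard from the patch plus a post-condition check on the resulting ids.
 *
 * Assumption (mine): "privileged" means geteuid() == 0; -1 means "not yet
 * initialised" and is treated as privileged, so the setgid() is attempted.
 */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_status {
    DROP_OK = 0,
    DROP_SETGID_FAILED,   /* setgid() refused; errno is set */
    DROP_SETUID_FAILED,   /* setuid() refused; errno is set */
    DROP_VERIFY_FAILED    /* calls returned 0 but the ids do not match */
};

/* Mirrors the patched flag: -1 until init_privileged() runs, so a path that
 * forgets to initialise it still attempts setgid() and fails loudly rather
 * than silently skipping it. */
static int privileged = -1;

void init_privileged(void)
{
    privileged = (geteuid() == 0) ? 1 : 0;
}

/*
 * Drop to uid/gid.  When not privileged the setgid() is skipped, as in the
 * patch: an unprivileged process cannot change its gid, and its real gid may
 * legitimately differ from pw->pw_gid (e.g. after newgrp(1)), which is what
 * made the unconditional setgid() fatal().
 */
enum drop_status restore_ids(uid_t uid, gid_t gid, int priv)
{
    if (priv && setgid(gid) < 0)
        return DROP_SETGID_FAILED;
    if (setuid(uid) < 0)
        return DROP_SETUID_FAILED;

    /* Post-condition: a drop that returned 0 but left other ids in place
     * is the case a caller least wants to miss. */
    if (getuid() != uid || geteuid() != uid)
        return DROP_VERIFY_FAILED;
    if (priv && (getgid() != gid || getegid() != gid))
        return DROP_VERIFY_FAILED;
    return DROP_OK;
}

/* Wrapper using the module-level flag, the way restore_uid() does. */
enum drop_status restore_ids_default(uid_t uid, gid_t gid)
{
    return restore_ids(uid, gid, privileged);
}

const char *drop_status_str(enum drop_status s)
{
    switch (s) {
    case DROP_OK:            return "ok";
    case DROP_SETGID_FAILED: return "setgid failed";
    case DROP_SETUID_FAILED: return "setuid failed";
    case DROP_VERIFY_FAILED: return "verification failed";
    }
    return "?";
}

int main(void)
{
    uid_t me = getuid();
    gid_t mygrp = getgid();
    enum drop_status s;

    /* Flag still -1: setgid() is attempted even when unprivileged.  To our
     * own gid it succeeds; to a foreign gid it would fail with EPERM, which
     * is the symptom the patch guards against. */
    printf("uninitialised, own ids: %s\n",
           drop_status_str(restore_ids_default(me, mygrp)));

    init_privileged();
    printf("privileged=%d, own ids: %s\n", privileged,
           drop_status_str(restore_ids_default(me, mygrp)));

    /* An unprivileged process cannot become root: report, do not abort. */
    s = restore_ids(0, 0, privileged);
    printf("drop to root:           %s (%s)\n", drop_status_str(s),
           s == DROP_OK ? "running as root" : strerror(errno));
    return 0;
}
```

Run as an ordinary user the first two drops report "ok" and the third "setuid failed (Operation not permitted)"; run as root all three succeed and the process ends up with uid/gid 0, which the verification step confirms rather than assumes.
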
---------------------------------------
Received: (at 115182-done) by bugs.debian.org; 7 Mar 2004 10:54:00 +0000
>From cjwatson@flatline.org.uk Sun Mar 07 02:54:00 2004
Return-path: <cjwatson@flatline.org.uk>
Received: from chiark.greenend.org.uk [193.201.200.170] (mail)
	by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
	id 1Azvuy-0002qO-00; Sun, 07 Mar 2004 02:54:00 -0800
Received: from [192.168.124.112] (helo=riva.lab.dotat.at)
	by chiark.greenend.org.uk (Debian Exim 3.35 #1) with esmtp
	for 115182-done@bugs.debian.org
	id 1Azvuw-0002XU-00; Sun, 07 Mar 2004 10:53:58 +0000
Received: from cjwatson by riva.lab.dotat.at with local (Exim 3.35 #1 (Debian))
	for 115182-done@bugs.debian.org
	id 1Azvuv-0008CT-00; Sun, 07 Mar 2004 10:53:57 +0000
Date: Sun, 7 Mar 2004 10:53:57 +0000
From: Colin Watson <cjwatson@debian.org>
To: 115182-done@bugs.debian.org
Subject: Re: openssh: fix for #105854 should be reworked
Message-ID: <20040307105357.GA31513@riva.ucam.org>
References: <20011010215243.A27378@hermes>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20011010215243.A27378@hermes>
User-Agent: Mutt/1.3.28i
Delivered-To: 115182-done@bugs.debian.org
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2004_03_05 
	(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=0.0 required=4.0 tests=none autolearn=no 
	version=2.60-bugs.debian.org_2004_03_05
X-Spam-Level: 

On Wed, Oct 10, 2001 at 09:52:43PM +0200, Sergio Gelato wrote:
> Package: ssh
> Version: 1:2.9p2-6
> Severity: normal
> 
> In trying to carry over the Debian 1:2.9p2-6 patches to OpenSSH to the new
> upstream version (2.9.9p2), I found that the fix for Bug #105854 is causing
> trouble. That bug number has been reassigned to rlinetd, so I'm opening a
> new one.
> 
> The immediate problem with the previous fix is that it made uidswap.c 
> dependent on some global variables that exist in ssh but not in sshd, 
> and the new upstream needs to link uidswap.o into sshd as well, causing
> symbol resolution errors at link time.

This bug is long since gone: we don't patch uidswap.c at all any more,
and ssh is no longer set-id.

Thanks,

-- 
Colin Watson                                  [cjwatson@flatline.org.uk]
