[Bug 2874] New: Privilege-dropping fails on some container systems

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Tue Jun 5 06:44:07 AEST 2018


https://bugzilla.mindrot.org/show_bug.cgi?id=2874

            Bug ID: 2874
           Summary: Privilege-dropping fails on some container systems
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: major
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: nicko at nicko.org

The main() function for in ssh.c calls PRIV_END even when the user is
unprivileged to start with. On several cloud 'Function as a service'
platforms, including AWS Lambda and Heroku, this fails with with an
"Operation not permitted" error.

This appears to be to do with the way that sandboxing capabilities of
these platforms restrict calls to seteuid() and the state of the real,
effective and saved user IDs.

It would be helpful if the PRIV_END and PRIV_START calls checked if
there were any privileges to drop or gain and not call seteuid() if
there is no privilege to be dropped.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list