SCO 5.0.5 question (username not known)
Gert Doering
gert at greenie.muc.de
Sun Feb 11 10:37:45 EST 2001
Hi,

On Sat, Feb 10, 2001 at 02:29:50PM -0800, svaughan wrote:
> Yes that looks to be it. Here is the output for a normal telnet and then
> an ssh connection. luid is not being set. How can I correct this?
>
>
> from a normal telnet :
> id -l
> uid=244(svaughan) gid=102(udt) luid=244(svaughan) groups=102(udt)
>
> from an ssh :
> id -l
> uid=244(svaughan) gid=102(udt) luid=-1(not set) groups=102(udt)

Yep. C2 security striking again...

To Svaughan: I know where it comes from, but can't fix it in the code (no
time to really dig into uid/gid handling right now). But maybe I can
explain it to the OpenSSH people so that the fix is obvious to one of
them :-)

To the OpenSSH team: SCO (and maybe others) has a so-called "login uid".
It's something that can only be set *once*, usually by login (or telnetd
or whatever), and will then be passed on to all children, even to suid
children. There is no way a process can change its LUID.

"Init" runs with luid "unset" (which is a distinctive state, shown as
"-1", and is also inherited by all children). The first process doing
authentication should then set the luid.

The system call required is "setluid(uid_t)", and should be done at the
place in sshd where the user ID is set, all root privileges are revoked,
and the user shell is "to be called". Caveat: if sshd is run from the
command line, like "make ; make install; sshd", setluid() will fail - but
there's nothing we can do, except recommend to run sshd only from
/etc/inittab (":once:" settings).

I have appended the setluid man page below (from SCO 3.0). The sentence
about "unless the LUID is set, setuid/setgid will fail" is not true here,
which seems to be related to "relaxed security settings" being in place.

gert

----
setluid(S) 6 January 1993 setluid(S)

Name

setluid - set login user ID

Syntax

cc . . . -lprot

#include <sys/types.h>
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>

int setluid (uid)
unsigned short uid;

Description

The setluid routine is used to set the login user ID of the calling
process. The login user ID, or LUID, should be set at login time. Only the
super user can set the LUID. Once set, the LUID cannot be reset, even by
the super user.

Until the LUID is set, the setuid(S) and setgid(S) routines fail. This
ensures that the LUID is set before any identity changes in the other
(effective and real) user IDs.

The setluid routine is invoked by the login(C) program just prior to the
identity changes caused by setuid(S) and setgid(S) calls. It is also
used by at(C) and crontab(C) job entries before starting a
non-interactive session for a user.

The LUID is an accurate representation of the user who logged into the
system and cannot be altered during the session. The LUID is needed
because both the effective and real user IDs can be altered by use of
setuid(S) or the setuid bits on an executable file, and consequently, at
times during a session, do not accurately reflect the login user.

The LUID is inherited by all children of the process. If the LUID was
not set before a fork(S), the child would also contain an unset LUID.

Return value

Upon successful completion, the setluid routine returns a value of 0.
Otherwise, a value of -1 is returned and errno is set to indicate the
appropriate error.

Diagnostics

If one of the following conditions occurs, the setluid routine fails and
errno is set to the corresponding value:

[EINVAL] user ID is out of range.

[EPERM] The LUID has already been set for this process or some ancestor of this process.

See also

getluid(S), getuid(S), setuid(S), setgid(S), stat(S)

Standards conformance

The setluid routine is an extension of AT&T System V provided by the
Santa Cruz Operation.

--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
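
Added example (not part of the original message and not OpenSSH's code): one way to place the setluid() call described above so that the daemon can tell "LUID was unset, now set" from "daemon inherited someone else's LUID". The HAVE_SETLUID macro, establish_luid(), its result codes and the assumption that getluid() returns -1 when unset are made up here; the stand-in calls follow the man page's set-once behaviour so the logic also runs off SCO.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

#ifdef HAVE_SETLUID   /* hypothetical build macro: real SCO calls, link -lprot */
#include <sys/security.h>
#include <sys/audit.h>
#include <prot.h>
#else
/* Stand-in modelled on the man page: the LUID starts unset (-1),
 * can be set exactly once, and a second setluid() fails with EPERM. */
static long sim_luid = -1;
static long getluid(void) { return sim_luid; }
static int setluid(unsigned short uid)
{
    if (sim_luid != -1) { errno = EPERM; return -1; }
    sim_luid = uid;
    return 0;
}
#endif

enum luid_result { LUID_SET, LUID_ALREADY_OURS, LUID_FOREIGN, LUID_ERROR };

/* Call while still root, after authentication and before setgid()/setuid().
 * LUID_FOREIGN means the daemon was started from a logged-in shell. */
static enum luid_result establish_luid(uid_t uid)
{
    long cur = (long)getluid();   /* assumption: -1 means "not set" */

    if (uid > 0xFFFF) { errno = EINVAL; return LUID_ERROR; } /* arg is unsigned short */
    if (cur == -1)
        return setluid((unsigned short)uid) == 0 ? LUID_SET : LUID_ERROR;
    return cur == (long)uid ? LUID_ALREADY_OURS : LUID_FOREIGN;
}

int main(void)
{
    /* uid 244 is the one shown in the quoted id -l output; 100 is constructed */
    printf("unset LUID, user 244:     %d\n", (int)establish_luid(244));
    printf("same user again:          %d\n", (int)establish_luid(244));
    printf("different user, LUID set: %d\n", (int)establish_luid(100));
    return 0;
}
```

A LUID_FOREIGN result is worth logging, since audit records for that session would carry the LUID of whoever started the daemon rather than the user who logged in.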