Upcoming OpenSSH vulnerability
Ben Lindstrom
mouring at etoh.eviladmin.org
Thu Jun 27 04:45:59 EST 2002
[..]
> > > diff -urN openssh-3.4p1-dist/sshd.c openssh-3.4p1/sshd.c
> > > --- openssh-3.4p1-dist/sshd.c Tue Jun 25 18:24:19 2002
> > > +++ openssh-3.4p1/sshd.c Wed Jun 26 10:42:00 2002
> > > @@ -624,7 +624,7 @@
> > > /* XXX - Remote port forwarding */
> > > x_authctxt = authctxt;
> > >
> > > -#ifdef BROKEN_FD_PASSING
> > > +#if defined(BROKEN_FD_PASSING) || defined(HAVE_OSF_SIA)
> > > if (1) {
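Review bot: the changed `#if` line ORs a second, unrelated feature macro (HAVE_OSF_SIA) into the guard at the point of use, so the reason this `if (1)` branch is taken on OSF SIA systems is not recorded anywhere in the code. Suggest defining one purpose-named macro in a single place (the follow-up in this thread proposes "NO_POSTAUTH_PRIVSEP", auto-defined when BROKEN_FD_PASSING is set) and testing only that here, with a short comment stating why SIA platforms take this path. That keeps any other site guarded by BROKEN_FD_PASSING from silently diverging from this one.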
> >
> > No. Fix Configure.ac. There is a reason Tim and I agreed on
> > that define. So we don't have to litter the source with more #ifdef
> > changes.
>
> Then name the define something else, like "NO_POSTAUTH_PRIVSEP", and
> auto-define it if BROKEN_FD_PASSING is defined. FD passing is not
> broken on Tru64 (4.x or 5.x as far as I can tell). If something else is
> added in the future that uses FD passing, it should be supported on
> Tru64, so Tru64 should not set BROKEN_FD_PASSING in configure.ac.
>
It will be left at BROKEN_FD_PASSING because when all platforms are
squared away that will be what is set if we run across such a platform.
No one said what was going in 3.4 was set in stone for changes. =)
> > Better yet now we are post 3.4 we need a real solution.
>
> As I said above, I don't see how to do post-auth privsep on Tru64. The
> requirements just don't seem to match the capabilities. The only thing
> I can see to do is to open a PTY unconditionally before post-auth
> privsep and close it later if it is not needed (but I don't know for
> sure that would work either). That would be a fairly major change;
> would such a change be accepted back into "core" OpenSSH?
>
If you can get a preview fix posted, I'll work within the OpenSSH portable
group to ensure that some version of it gets included.
If that preview fix says 'we always open a temporary TTY' then so be it.
We can look at how to handle the non-tty case after.
- Ben