uidswap
Chimento, Douglas
Douglas.Chimento at FMR.COM
Sat May 18 14:05:47 EST 2002
This bug has already been reported as bug 136, Sorry to be a bother
-----Original Message-----
From: Chimento, Douglas [mailto:Douglas.Chimento at fmr.com]
Sent: Friday, May 17, 2002 10:27 AM
To: openssh-unix-dev at mindrot.org
Subject: RE: uidswap
Thanks Markkus.
Please excuse my ignorance , I am not much of a UNIX programmer but I
believe I see a potential issue.
Suppose ssh in NOT installed setuid root. If you take a look at the function
permanently_set_uid() in uidswap.c ( line 146 in 3.1p1 ) I believe these
lines below can fail unexpectedly:
if (setgid(pw->pw_gid) < 0)
fatal("setgid %u: %.100s", (u_int) pw->pw_gid,
strerror(errno));
Here's why , Suppose you "switch" primary group id with the newgrp command.
( For instance:
[doug at host ~]$ id
uid=1065(doug) gid=100(staff)
[doug at host ~]$ newgrp test
[doug at host ~]$ id
uid=1065(doug) gid=1001(test)
[doug at host ~]$
)
Now clearly pw->pw_gid != getgid() and so setgid(pw->pw_gid) will always
fail because the user is no longer a part of pw->pw_gid group. ( I hope
that made sense ).
I think the solution would be to do what is done in the restore_uid()
function ( line 108 in uidswap.c ). That is, check to see if the user is
"privileged".
So we could have this in permanently_set_uid():
{
if (temporarily_use_uid_effective)
fatal("restore_uid: temporarily_use_uid effective");
if (!privileged)
return;
if (setgid(pw->pw_gid) < 0)
fatal("setgid %u: %.100s", (u_int) pw->pw_gid,
strerror(errno));
if (setuid(pw->pw_uid) < 0)
fatal("setuid %u: %.100s", (u_int) pw->pw_uid,
strerror(errno));
}
instead of....
{
if (temporarily_use_uid_effective)
fatal("restore_uid: temporarily_use_uid effective");
if (setgid(pw->pw_gid) < 0)
fatal("setgid %u: %.100s", (u_int) pw->pw_gid,
strerror(errno));
if (setuid(pw->pw_uid) < 0)
fatal("setuid %u: %.100s", (u_int) pw->pw_uid,
strerror(errno));
}
What are your thoughts?
Thanks for your time.
-----Original Message-----
From: Markus Friedl [mailto:markus at openbsd.org]
Sent: Thursday, May 16, 2002 7:18 PM
To: Chimento, Douglas
Cc: openssh-unix-dev at mindrot.org
Subject: Re: uidswap
On Thu, May 16, 2002 at 04:32:11PM -0400, Chimento, Douglas wrote:
> What are the consequnences if you do not install ssh setuid
> root? ( As far I as know no uid swaping occurs )
hostbased authentication won't work.
_______________________________________________
openssh-unix-dev at mindrot.org mailing list
http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
More information about the openssh-unix-dev
mailing list