OpenSSH-3.9p1 permanently_set_uid behavior on Linux
Darren Tucker
dtucker at zip.com.au
Sun Aug 29 18:09:42 EST 2004
Glen Nakamura wrote:
> I'm curious about the following code at line 203 in uidswap.c:
>
>     /* Try restoration of GID if changed (test clearing of saved gid) */
>     if (old_gid != pw->pw_gid &&
>         (setgid(old_gid) != -1 || setegid(old_gid) != -1))
>             fatal("%s: was able to restore old [e]gid", __func__);
>
> This causes permanently_set_uid to fail in the following case:
>
> $ su
> Password: ????????
> # newgrp bin
> # ssh remotehost
> permanently_set_uid: was able to restore old [e]gid
> #
>
> Is this the desired behavior or should the code special case running as root?
It's desired behaviour for permanently_set_uid(), but it should be
special-cased in ssh and ssh-keysign (because uid==0 *is* special:
unlike most uids it can set its gid to whatever it wants).
I think something like the attached is needed (applies to -current but
the changes are simple to backport to 3.9p1).
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-ssh-ruid2.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040829/79a91ce3/attachment.ksh
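
The restore test discussed in this thread, together with one possible caller-side special case for uid 0, as an added example. It is not OpenSSH code and not the attached patch, which is not reproduced on this page. The names drop_and_verify and drop_to_real_ids are hypothetical, the root handling is an assumed shape, and supplementary groups are left out.

```c
/* Added example, not OpenSSH source; all names here are hypothetical. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for setegid() */
#endif
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum drop_result { DROP_OK, DROP_FAILED, DROP_REVERSIBLE, DROP_SKIPPED_ROOT };

/* Strict drop with the same restore test as the quoted uidswap.c lines. */
static enum drop_result drop_and_verify(uid_t uid, gid_t gid)
{
    gid_t old_gid = getegid();

    /* gid first: once the uid is non-root we may not be allowed to. */
    if (setgid(gid) == -1 || setuid(uid) == -1)
        return DROP_FAILED;

    /* If the old gid is still reachable, the drop was not permanent.
     * For uid 0 this always trips, since root may set any gid. */
    if (old_gid != gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1))
        return DROP_REVERSIBLE;

    if (getgid() != gid || getegid() != gid ||
        getuid() != uid || geteuid() != uid)
        return DROP_FAILED;
    return DROP_OK;
}

/* Caller-side special case (assumed shape): a real uid of 0 has nothing
 * to give up that it could not take back, so skip the strict check. */
static enum drop_result drop_to_real_ids(void)
{
    if (getuid() == 0)
        return DROP_SKIPPED_ROOT;
    return drop_and_verify(getuid(), getgid());
}

int main(void)
{
    static const char *names[] = { "ok", "failed", "reversible", "skipped (root)" };
    printf("drop_to_real_ids: %s\n", names[drop_to_real_ids()]);
    return 0;
}
```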