OpenSSH-3.9p1 permanently_set_uid behavior on Linux

William R. Knox wknox at mitre.org
Tue Oct 19 04:39:35 EST 2004


I have noticed this behavior under Solaris 8 as well. There doesn't appear
to be a Bugzilla entry for it, and I see that it is not in the latest SNAP
available. Has this patch to ssh.c been helpful to anyone? It seems to fix
it under Solaris, for what that's worth. Is it likely to be included in
the future? Should I open up the bug?

			Bill Knox
			Lead Operating Systems Programmer/Analyst
			The MITRE Corporation

On Sun, 29 Aug 2004, Darren Tucker wrote:

> Date: Sun, 29 Aug 2004 18:09:42 +1000
> From: Darren Tucker <dtucker at zip.com.au>
> To: Glen Nakamura <glen at imodulo.com>
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: OpenSSH-3.9p1 permanently_set_uid behavior on Linux
>
> Glen Nakamura wrote:
> > I'm curious about the following code at line 203 in uidswap.c:
> >
> > 	/* Try restoration of GID if changed (test clearing of saved gid) */
> > 	if (old_gid != pw->pw_gid &&
> > 	    (setgid(old_gid) != -1 || setegid(old_gid) != -1))
> > 		fatal("%s: was able to restore old [e]gid", __func__);
> >
> > This causes permanently_set_uid to fail in the following case:
> >
> > $ su
> > Password: ????????
> > # newgrp bin
> > # ssh remotehost
> > permanently_set_uid: was able to restore old [e]gid
> > #
> >
> > Is this the desired behavior or should the code special case running as root?
>
> It's desired behaviour for permanently_set_uid(), but it should be
> special-cased in ssh and ssh-keysign (because uid==0 *is* special:
> unlike most uids it can set its gid to whatever it wants).
>
> I think something like the attached is needed (applies to -current but
> the changes are simple to backport to 3.9p1).
>
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>      Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-ssh-ruid2.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20041018/9d0d49f8/attachment.ksh 
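
Added example, not part of the original messages and not the attached patch: a minimal C sketch of the restore test quoted above from uidswap.c, with the uid 0 special case placed in the caller as the reply suggests. The names permanent_drop, drop_to_invoking_user and the DROP_* codes are hypothetical, and skipping the drop entirely for uid 0 is an assumption about how a caller could handle it.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_FAILED = -1, DROP_RESTORABLE = -2, DROP_SKIPPED = 1 };

/*
 * Strict drop: switch to uid/gid, then prove the old ids cannot be
 * regained. Supplementary groups are not handled in this sketch.
 */
int permanent_drop(uid_t uid, gid_t gid)
{
	uid_t old_uid = geteuid();
	gid_t old_gid = getegid();

	/* gid first: once uid privilege is gone the gid can no longer be set */
	if (setgid(gid) == -1 || setuid(uid) == -1)
		return DROP_FAILED;

	/* Same test as the uidswap.c fragment quoted above */
	if (old_gid != gid &&
	    (setgid(old_gid) != -1 || setegid(old_gid) != -1))
		return DROP_RESTORABLE;

	/* Equivalent test for the uid */
	if (old_uid != uid &&
	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
		return DROP_RESTORABLE;

	/* Confirm real and effective ids are the requested ones */
	if (getgid() != gid || getegid() != gid ||
	    getuid() != uid || geteuid() != uid)
		return DROP_FAILED;
	return DROP_OK;
}

/*
 * Caller-side special case (assumption, not the attached patch): uid 0 can
 * set any gid, so the gid restore test cannot pass for root when the gids
 * differ; the caller skips the strict drop instead of weakening it.
 */
int drop_to_invoking_user(uid_t uid, gid_t gid)
{
	if (uid == 0)
		return DROP_SKIPPED;
	return permanent_drop(uid, gid);
}

int main(void)
{
	printf("result: %d\n", drop_to_invoking_user(getuid(), getgid()));
	return 0;
}
```
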