Call for testing: OpenSSH-6.2

Tue Mar 12 08:33:09 EST 2013

I don't mind, but are these really the only uid==0 checks that matter?

On Mon, 11 Mar 2013, Darren Tucker wrote:

> On Mon, Mar 11, 2013 at 01:28:20PM +1100, Darren Tucker wrote:
> > Unsafe AuthorizedKeysCommand: bad ownership or modes for directory /var/run
> > 
> > where /var/run and /var are owned by "bin" (uid 2)
> 
> Possible solution (note you'll need to run "autoreconf" to rebuild
> configure then run ./configure again).
> 
> djm, tim: wanted for release or not?
> 
> Index: auth.c
> ===================================================================
> RCS file: /openssh_cvs/openssh/auth.c,v
> retrieving revision 1.156
> diff -u -r1.156 auth.c
> --- auth.c	12 Feb 2013 00:02:28 -0000	1.156
> +++ auth.c	11 Mar 2013 02:26:27 -0000
> @@ -448,7 +448,7 @@
>  		snprintf(err, errlen, "%s is not a regular file", buf);
>  		return -1;
>  	}
> -	if ((stp->st_uid != 0 && stp->st_uid != uid) ||
> +	if ((!platform_system_uid(stp->st_uid) && stp->st_uid != uid) ||
>  	    (stp->st_mode & 022) != 0) {
>  		snprintf(err, errlen, "bad ownership or modes for file %s",
>  		    buf);
> @@ -464,7 +464,7 @@
>  		strlcpy(buf, cp, sizeof(buf));
>  
>  		if (stat(buf, &st) < 0 ||
> -		    (st.st_uid != 0 && st.st_uid != uid) ||
> +		    (!platform_system_uid(st.st_uid) && st.st_uid != uid) ||
>  		    (st.st_mode & 022) != 0) {
>  			snprintf(err, errlen,
>  			    "bad ownership or modes for directory %s", buf);
> Index: configure.ac
> ===================================================================
> RCS file: /openssh_cvs/openssh/configure.ac,v
> retrieving revision 1.513
> diff -u -r1.513 configure.ac
> --- configure.ac	8 Mar 2013 01:14:23 -0000	1.513
> +++ configure.ac	11 Mar 2013 02:26:27 -0000
> @@ -480,6 +480,7 @@
>  	AC_DEFINE([SSHPAM_CHAUTHTOK_NEEDS_RUID], [1],
>  	    [AIX 5.2 and 5.3 (and presumably newer) require this])
>  	AC_DEFINE([PTY_ZEROREAD], [1], [read(1) can return 0 for a non-closed fd])
> +	AC_DEFINE([PLATFORM_SYSTEM_UID], 2, [System dirs owned by bin (uid 2)])
>  	;;
>  *-*-cygwin*)
>  	check_for_libcrypt_later=1
> @@ -565,6 +566,7 @@
>  	AC_DEFINE([LOCKED_PASSWD_STRING], ["*"],
>  		[String used in /etc/passwd to denote locked account])
>  	AC_DEFINE([SPT_TYPE], [SPT_PSTAT])
> +	AC_DEFINE([PLATFORM_SYSTEM_UID], 2, [System dirs owned by bin (uid 2)])
>  	maildir="/var/mail"
>  	LIBS="$LIBS -lsec"
>  	AC_CHECK_LIB([xnet], [t_error], ,
> Index: platform.c
> ===================================================================
> RCS file: /openssh_cvs/openssh/platform.c,v
> retrieving revision 1.18
> diff -u -r1.18 platform.c
> --- platform.c	11 Jan 2011 06:02:25 -0000	1.18
> +++ platform.c	11 Mar 2013 02:26:27 -0000
> @@ -194,3 +194,15 @@
>  	return NULL;
>  #endif
>  }
> +
> +int
> +platform_system_uid(uid_t uid)
> +{
> +	if (uid == 0)
> +		return 1;
> +#ifdef PLATFORM_SYSTEM_UID
> +	if (uid == PLATFORM_SYSTEM_UID)
> +		return 1;
> +#endif
> +	return 0;
> +}
> Index: platform.h
> ===================================================================
> RCS file: /openssh_cvs/openssh/platform.h,v
> retrieving revision 1.7
> diff -u -r1.7 platform.h
> --- platform.h	5 Nov 2010 03:47:01 -0000	1.7
> +++ platform.h	11 Mar 2013 02:26:27 -0000
> @@ -29,5 +29,4 @@
>  void platform_setusercontext_post_groups(struct passwd *);
>  char *platform_get_krb5_client(const char *);
>  char *platform_krb5_get_principal_name(const char *);
> -
> -
> +int platform_system_uid(uid_t);
> 
> -- 
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>     Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
> 