Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands
Darren Tucker
dtucker at zip.com.au
Wed Feb 10 12:04:34 AEDT 2016
On Tue, Feb 09, 2016 at 07:46:45PM -0500, Randall S. Becker wrote:
[...]
> SUPERUSER ends up being 65535, which is root on this platform. SUPER.SUPER
> is the actual name of root. /var and /var/run are both 755, while
> /var/run/keycommand_SUPER.SUPER is 644.

OK, I think the ownership is the problem.

auth2-pubkey.c:subprocess() does this:

	if (stat(av[0], &st) < 0)
	[...]
	if (auth_secure_path(av[0], &st, NULL, 0,
	    errmsg, sizeof(errmsg)) != 0) {
		error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);

The 4th arg to auth_secure_path is the UID we expect the file to be owned by.

If you apply the following and compile with -DROOT_UID=65535 does it work?

What does ./config.guess report the platform as?

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 41b34ae..bdcb2c2 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -420,7 +420,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
restore_uid();
return 0;
}
- if (auth_secure_path(av[0], &st, NULL, 0,
+ if (auth_secure_path(av[0], &st, NULL, ROOT_UID,
errmsg, sizeof(errmsg)) != 0) {
error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);
restore_uid();
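Review bot: In the auth_secure_path() call, the new ROOT_UID argument is whatever value the build was given with -D, and nothing in this hunk ties it to the platform's actual superuser; a wrong value would make this check accept a command path owned by some other account. Suggest setting the value per platform at configure time rather than by hand, and adding a short comment at the call site that the 4th argument is the expected owner UID.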
diff --git a/defines.h b/defines.h
index a438ddd..7489fef 100644
--- a/defines.h
+++ b/defines.h
@@ -857,4 +857,8 @@ struct winsize {
# define USE_SYSTEM_GLOB
#endif
+#ifndef ROOT_UID
+# define ROOT_UID 0
+#endif
+
#endif /* _DEFINES_H */
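Review bot: The ROOT_UID fallback added just before the closing #endif of defines.h has no comment saying what the macro means or when it should be overridden. Suggest a one-line comment stating that it is the UID of the superuser, that it defaults to 0, and that it is overridden only on platforms where root has a different UID; because of the #ifndef, any earlier definition silently takes precedence, which is worth noting there too.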
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
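
The expected-owner comparison discussed in this message, as an added C example that is not OpenSSH code and not part of the original post. It is a simplified check (`check_chain` and `struct comp` are hypothetical names) run over constructed values for the paths quoted above, assuming all three are owned by UID 65535.

```c
#include <stdio.h>
#include <sys/types.h>

/* One path component as stat() would report it (constructed values). */
struct comp { const char *path; uid_t uid; mode_t mode; };

/* Simplified owner/mode check, NOT OpenSSH's auth_secure_path(): every
 * component must be owned by expected_uid and not be writable by group
 * or others. Returns 0 if safe, -1 on bad owner, -2 on bad modes. */
static int
check_chain(const struct comp *c, size_t n, uid_t expected_uid,
    char *err, size_t errlen)
{
	for (size_t i = 0; i < n; i++) {
		if (c[i].uid != expected_uid) {
			snprintf(err, errlen, "bad ownership for %s: uid %lu, want %lu",
			    c[i].path, (unsigned long)c[i].uid,
			    (unsigned long)expected_uid);
			return -1;
		}
		if ((c[i].mode & 022) != 0) {	/* group- or world-writable */
			snprintf(err, errlen, "bad modes for %s: %04o",
			    c[i].path, (unsigned int)(c[i].mode & 07777));
			return -2;
		}
	}
	err[0] = '\0';
	return 0;
}

/* Layout from the thread; ownership by UID 65535 is an assumption. */
static const struct comp keycommand_chain[] = {
	{ "/var/run/keycommand_SUPER.SUPER", 65535, 0644 },
	{ "/var/run", 65535, 0755 },
	{ "/var", 65535, 0755 },
};
#define CHAIN_LEN (sizeof(keycommand_chain) / sizeof(keycommand_chain[0]))

int main(void)
{
	char err[128];

	/* Expecting owner 0 rejects the file even though its modes are fine. */
	if (check_chain(keycommand_chain, CHAIN_LEN, 0, err, sizeof(err)) != 0)
		printf("expecting uid 0: %s\n", err);
	/* Expecting the platform's root UID accepts the same chain. */
	if (check_chain(keycommand_chain, CHAIN_LEN, 65535, err, sizeof(err)) == 0)
		printf("expecting uid 65535: ok\n");
	return 0;
}
```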