Test Failure OpenSSH 7.1 P2 on HPE NSE for key-commands

Darren Tucker dtucker at zip.com.au
Wed Feb 10 12:04:34 AEDT 2016


On Tue, Feb 09, 2016 at 07:46:45PM -0500, Randall S. Becker wrote:
[...]
> SUPERUSER ends up being 65535, which is root on this platform. SUPER.SUPER
> is the actual name of root. /var and /var/run are both 755, while
> /var/run/keycommand_SUPER.SUPER is 644.

OK, I think the ownership is the problem.

auth2-pubkey.c:subprocess() does this:

	if (stat(av[0], &st) < 0)
[...]
	if (auth_secure_path(av[0], &st, NULL, 0,
	    errmsg, sizeof(errmsg)) != 0) {
		error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);

The 4th arg to auth_secure_path is the UID we expect the file to be owned by.

If you apply the following and compile with -DROOT_UID=65535 does it work?
What does ./config.guess report the platform as?

diff --git a/auth2-pubkey.c b/auth2-pubkey.c
index 41b34ae..bdcb2c2 100644
--- a/auth2-pubkey.c
+++ b/auth2-pubkey.c
@@ -420,7 +420,7 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 		restore_uid();
 		return 0;
 	}
-	if (auth_secure_path(av[0], &st, NULL, 0,
+	if (auth_secure_path(av[0], &st, NULL, ROOT_UID,
 	    errmsg, sizeof(errmsg)) != 0) {
 		error("Unsafe %s \"%s\": %s", tag, av[0], errmsg);
 		restore_uid();
diff --git a/defines.h b/defines.h
index a438ddd..7489fef 100644
--- a/defines.h
+++ b/defines.h
@@ -857,4 +857,8 @@ struct winsize {
 # define USE_SYSTEM_GLOB
 #endif
 
+#ifndef ROOT_UID
+# define ROOT_UID	0
+#endif
+
 #endif /* _DEFINES_H */

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list