4 files changed, 26 insertions, 8 deletions

diff --git a/ChangeLog b/ChangeLog
index 2c53b309f..341360d2b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,6 +4,11 @@
      [ssh.1 sshd.8 sshd_config.5]
      bump Mdocdate for pages committed in "febuary", necessary because
      of a typo in rcs.c;
+   - djm@cvs.openbsd.org 2008/02/13 22:38:17
+     [servconf.h session.c sshd.c]
+     rekey arc4random and OpenSSL RNG in postauth child
+     closefrom fds > 2 before shell/command execution
+     ok markus@
 
 20080302
  - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect
@@ -3664,4 +3669,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4851 2008/03/07 07:27:58 djm Exp $
+$Id: ChangeLog,v 1.4852 2008/03/07 07:31:24 djm Exp $
diff --git a/servconf.h b/servconf.h
index 81a68be89..5b88067db 100644
--- a/servconf.h
+++ b/servconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.h,v 1.81 2008/02/08 23:24:08 djm Exp $ */
+/* $OpenBSD: servconf.h,v 1.82 2008/02/13 22:38:17 djm Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -36,6 +36,9 @@
 
 #define DEFAULT_AUTH_FAIL_MAX   6       /* Default for MaxAuthTries */
 
+/* Magic name for internal sftp-server */
+#define INTERNAL_SFTP_NAME      "internal-sftp"
+
 typedef struct {
         u_int num_ports;
         u_int ports_from_cmdline;
diff --git a/session.c b/session.c
index 545e27fb7..589a15a6d 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */
+/* $OpenBSD: session.c,v 1.228 2008/02/13 22:38:17 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -94,9 +94,6 @@
 #include <kafs.h>
 #endif
 
-/* Magic name for internal sftp-server */
-#define INTERNAL_SFTP_NAME      "internal-sftp"
-
 /* func */
 
 Session *session_new(void);
@@ -491,6 +488,8 @@ do_exec_no_pty(Session *s, const char *command)
                 cray_init_job(s->pw); /* set up cray jid and tmpdir */
 #endif
 
+                closefrom(STDERR_FILENO + 1);
+
                 /* Do processing for the child (exec command etc). */
                 do_child(s, command);
                 /* NOTREACHED */
@@ -611,6 +610,8 @@ do_exec_pty(Session *s, const char *command)
 # endif
 #endif
 
+                closefrom(STDERR_FILENO + 1);
+
                 /* Do common processing for the child, such as execing the command. */
                 do_child(s, command);
                 /* NOTREACHED */
diff --git a/sshd.c b/sshd.c
index 345ee4315..2920b26cf 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */
+/* $OpenBSD: sshd.c,v 1.354 2008/02/13 22:38:17 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -585,11 +585,12 @@ privsep_preauth_child(void)
 {
         u_int32_t rnd[256];
         gid_t gidset[1];
-        int i;
+        u_int i;
 
         /* Enable challenge-response authentication for privilege separation */
         privsep_challenge_enable();
 
+        arc4random_stir();
         for (i = 0; i < 256; i++)
                 rnd[i] = arc4random();
         RAND_seed(rnd, sizeof(rnd));
@@ -664,6 +665,9 @@ privsep_preauth(Authctxt *authctxt)
 static void
 privsep_postauth(Authctxt *authctxt)
 {
+        u_int32_t rnd[256];
+        u_int i;
+
 #ifdef DISABLE_FD_PASSING
         if (1) {
 #else
@@ -695,6 +699,11 @@ privsep_postauth(Authctxt *authctxt)
         /* Demote the private keys to public keys. */
         demote_sensitive_data();
 
+        arc4random_stir();
+        for (i = 0; i < 256; i++)
+                rnd[i] = arc4random();
+        RAND_seed(rnd, sizeof(rnd));
+
         /* Drop privileges */
         do_setusercontext(authctxt->pw);