Diffstat (limited to 'debian/patches/user-group-modes.patch')
-rw-r--r-- | debian/patches/user-group-modes.patch | 125 |
1 files changed, 38 insertions, 87 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 17e7126ca..338c7567d 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 0b9c0482cbff9ce16384e4247d955676d4d77df3 Mon Sep 17 00:00:00 2001 | 1 | From b1033fed87fd9fa24dccab45f00cadcbc7144c47 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 |
4 | Subject: Allow harmless group-writability | 4 | Subject: Allow harmless group-writability |
@@ -13,19 +13,18 @@ default. | |||
13 | 13 | ||
14 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 | 14 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 |
15 | Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 | 15 | Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 |
16 | Last-Update: 2013-09-14 | 16 | Last-Update: 2017-10-04 |
17 | 17 | ||
18 | Patch-Name: user-group-modes.patch | 18 | Patch-Name: user-group-modes.patch |
19 | --- | 19 | --- |
20 | auth-rhosts.c | 6 ++---- | 20 | auth-rhosts.c | 6 ++---- |
21 | auth.c | 9 +++----- | 21 | auth.c | 3 +-- |
22 | misc.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- | 22 | misc.c | 58 +++++++++++++++++++++++++++++++++++++++++++++++++++++----- |
23 | misc.h | 2 ++ | 23 | misc.h | 2 ++ |
24 | platform.c | 16 -------------- | ||
25 | readconf.c | 3 +-- | 24 | readconf.c | 3 +-- |
26 | ssh.1 | 2 ++ | 25 | ssh.1 | 2 ++ |
27 | ssh_config.5 | 2 ++ | 26 | ssh_config.5 | 2 ++ |
28 | 8 files changed, 80 insertions(+), 29 deletions(-) | 27 | 7 files changed, 63 insertions(+), 13 deletions(-) |
29 | 28 | ||
30 | diff --git a/auth-rhosts.c b/auth-rhosts.c | 29 | diff --git a/auth-rhosts.c b/auth-rhosts.c |
31 | index ecf956f0..4dccd5e6 100644 | 30 | index ecf956f0..4dccd5e6 100644 |
@@ -52,10 +51,10 @@ index ecf956f0..4dccd5e6 100644 | |||
52 | pw->pw_name, buf); | 51 | pw->pw_name, buf); |
53 | auth_debug_add("Bad file modes for %.200s", buf); | 52 | auth_debug_add("Bad file modes for %.200s", buf); |
54 | diff --git a/auth.c b/auth.c | 53 | diff --git a/auth.c b/auth.c |
55 | index c6390687..90390724 100644 | 54 | index 6aec3605..68a1e4a7 100644 |
56 | --- a/auth.c | 55 | --- a/auth.c |
57 | +++ b/auth.c | 56 | +++ b/auth.c |
58 | @@ -444,8 +444,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | 57 | @@ -467,8 +467,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, |
59 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); | 58 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); |
60 | if (options.strict_modes && | 59 | if (options.strict_modes && |
61 | (stat(user_hostfile, &st) == 0) && | 60 | (stat(user_hostfile, &st) == 0) && |
@@ -65,31 +64,11 @@ index c6390687..90390724 100644 | |||
65 | logit("Authentication refused for %.100s: " | 64 | logit("Authentication refused for %.100s: " |
66 | "bad owner or modes for %.200s", | 65 | "bad owner or modes for %.200s", |
67 | pw->pw_name, user_hostfile); | 66 | pw->pw_name, user_hostfile); |
68 | @@ -507,8 +506,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, | ||
69 | snprintf(err, errlen, "%s is not a regular file", buf); | ||
70 | return -1; | ||
71 | } | ||
72 | - if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || | ||
73 | - (stp->st_mode & 022) != 0) { | ||
74 | + if (!secure_permissions(stp, uid)) { | ||
75 | snprintf(err, errlen, "bad ownership or modes for file %s", | ||
76 | buf); | ||
77 | return -1; | ||
78 | @@ -523,8 +521,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, | ||
79 | strlcpy(buf, cp, sizeof(buf)); | ||
80 | |||
81 | if (stat(buf, &st) < 0 || | ||
82 | - (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || | ||
83 | - (st.st_mode & 022) != 0) { | ||
84 | + !secure_permissions(&st, uid)) { | ||
85 | snprintf(err, errlen, | ||
86 | "bad ownership or modes for directory %s", buf); | ||
87 | return -1; | ||
88 | diff --git a/misc.c b/misc.c | 67 | diff --git a/misc.c b/misc.c |
89 | index cfd32729..6e972f56 100644 | 68 | index 05950a47..40aeeef3 100644 |
90 | --- a/misc.c | 69 | --- a/misc.c |
91 | +++ b/misc.c | 70 | +++ b/misc.c |
92 | @@ -51,8 +51,9 @@ | 71 | @@ -57,8 +57,9 @@ |
93 | #include <netdb.h> | 72 | #include <netdb.h> |
94 | #ifdef HAVE_PATHS_H | 73 | #ifdef HAVE_PATHS_H |
95 | # include <paths.h> | 74 | # include <paths.h> |
@@ -100,34 +79,10 @@ index cfd32729..6e972f56 100644 | |||
100 | #ifdef SSH_TUN_OPENBSD | 79 | #ifdef SSH_TUN_OPENBSD |
101 | #include <net/if.h> | 80 | #include <net/if.h> |
102 | #endif | 81 | #endif |
103 | @@ -61,6 +62,7 @@ | 82 | @@ -723,6 +724,55 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, |
104 | #include "misc.h" | ||
105 | #include "log.h" | ||
106 | #include "ssh.h" | ||
107 | +#include "platform.h" | ||
108 | |||
109 | /* remove newline at end of string */ | ||
110 | char * | ||
111 | @@ -713,6 +715,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, | ||
112 | return -1; | 83 | return -1; |
113 | } | 84 | } |
114 | 85 | ||
115 | +/* | ||
116 | + * return 1 if the specified uid is a uid that may own a system directory | ||
117 | + * otherwise 0. | ||
118 | + */ | ||
119 | +int | ||
120 | +platform_sys_dir_uid(uid_t uid) | ||
121 | +{ | ||
122 | + if (uid == 0) | ||
123 | + return 1; | ||
124 | +#ifdef PLATFORM_SYS_DIR_UID | ||
125 | + if (uid == PLATFORM_SYS_DIR_UID) | ||
126 | + return 1; | ||
127 | +#endif | ||
128 | + return 0; | ||
129 | +} | ||
130 | + | ||
131 | +int | 86 | +int |
132 | +secure_permissions(struct stat *st, uid_t uid) | 87 | +secure_permissions(struct stat *st, uid_t uid) |
133 | +{ | 88 | +{ |
@@ -180,11 +135,31 @@ index cfd32729..6e972f56 100644 | |||
180 | int | 135 | int |
181 | tun_open(int tun, int mode) | 136 | tun_open(int tun, int mode) |
182 | { | 137 | { |
138 | @@ -1626,8 +1676,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, | ||
139 | snprintf(err, errlen, "%s is not a regular file", buf); | ||
140 | return -1; | ||
141 | } | ||
142 | - if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) || | ||
143 | - (stp->st_mode & 022) != 0) { | ||
144 | + if (!secure_permissions(stp, uid)) { | ||
145 | snprintf(err, errlen, "bad ownership or modes for file %s", | ||
146 | buf); | ||
147 | return -1; | ||
148 | @@ -1642,8 +1691,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, | ||
149 | strlcpy(buf, cp, sizeof(buf)); | ||
150 | |||
151 | if (stat(buf, &st) < 0 || | ||
152 | - (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || | ||
153 | - (st.st_mode & 022) != 0) { | ||
154 | + !secure_permissions(&st, uid)) { | ||
155 | snprintf(err, errlen, | ||
156 | "bad ownership or modes for directory %s", buf); | ||
157 | return -1; | ||
183 | diff --git a/misc.h b/misc.h | 158 | diff --git a/misc.h b/misc.h |
184 | index c242f901..8b223b55 100644 | 159 | index 153d1137..d8759ab1 100644 |
185 | --- a/misc.h | 160 | --- a/misc.h |
186 | +++ b/misc.h | 161 | +++ b/misc.h |
187 | @@ -143,6 +143,8 @@ char *read_passphrase(const char *, int); | 162 | @@ -163,6 +163,8 @@ char *read_passphrase(const char *, int); |
188 | int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); | 163 | int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); |
189 | int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); | 164 | int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); |
190 | 165 | ||
@@ -193,35 +168,11 @@ index c242f901..8b223b55 100644 | |||
193 | #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) | 168 | #define MINIMUM(a, b) (((a) < (b)) ? (a) : (b)) |
194 | #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) | 169 | #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) |
195 | #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) | 170 | #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) |
196 | diff --git a/platform.c b/platform.c | ||
197 | index cd7bf566..380ee3a4 100644 | ||
198 | --- a/platform.c | ||
199 | +++ b/platform.c | ||
200 | @@ -197,19 +197,3 @@ platform_krb5_get_principal_name(const char *pw_name) | ||
201 | return NULL; | ||
202 | #endif | ||
203 | } | ||
204 | - | ||
205 | -/* | ||
206 | - * return 1 if the specified uid is a uid that may own a system directory | ||
207 | - * otherwise 0. | ||
208 | - */ | ||
209 | -int | ||
210 | -platform_sys_dir_uid(uid_t uid) | ||
211 | -{ | ||
212 | - if (uid == 0) | ||
213 | - return 1; | ||
214 | -#ifdef PLATFORM_SYS_DIR_UID | ||
215 | - if (uid == PLATFORM_SYS_DIR_UID) | ||
216 | - return 1; | ||
217 | -#endif | ||
218 | - return 0; | ||
219 | -} | ||
220 | diff --git a/readconf.c b/readconf.c | 171 | diff --git a/readconf.c b/readconf.c |
221 | index 0b1370a8..70fac682 100644 | 172 | index 45caa095..be3d5873 100644 |
222 | --- a/readconf.c | 173 | --- a/readconf.c |
223 | +++ b/readconf.c | 174 | +++ b/readconf.c |
224 | @@ -1773,8 +1773,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, | 175 | @@ -1766,8 +1766,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, |
225 | 176 | ||
226 | if (fstat(fileno(f), &sb) == -1) | 177 | if (fstat(fileno(f), &sb) == -1) |
227 | fatal("fstat %s: %s", filename, strerror(errno)); | 178 | fatal("fstat %s: %s", filename, strerror(errno)); |
@@ -232,10 +183,10 @@ index 0b1370a8..70fac682 100644 | |||
232 | } | 183 | } |
233 | 184 | ||
234 | diff --git a/ssh.1 b/ssh.1 | 185 | diff --git a/ssh.1 b/ssh.1 |
235 | index 4011c65a..feef81a5 100644 | 186 | index 2ab1697f..3cc94688 100644 |
236 | --- a/ssh.1 | 187 | --- a/ssh.1 |
237 | +++ b/ssh.1 | 188 | +++ b/ssh.1 |
238 | @@ -1484,6 +1484,8 @@ The file format and configuration options are described in | 189 | @@ -1456,6 +1456,8 @@ The file format and configuration options are described in |
239 | .Xr ssh_config 5 . | 190 | .Xr ssh_config 5 . |
240 | Because of the potential for abuse, this file must have strict permissions: | 191 | Because of the potential for abuse, this file must have strict permissions: |
241 | read/write for the user, and not writable by others. | 192 | read/write for the user, and not writable by others. |
@@ -245,10 +196,10 @@ index 4011c65a..feef81a5 100644 | |||
245 | .It Pa ~/.ssh/environment | 196 | .It Pa ~/.ssh/environment |
246 | Contains additional definitions for environment variables; see | 197 | Contains additional definitions for environment variables; see |
247 | diff --git a/ssh_config.5 b/ssh_config.5 | 198 | diff --git a/ssh_config.5 b/ssh_config.5 |
248 | index e4eaa5ae..a04e5757 100644 | 199 | index d6f43c2d..7810a418 100644 |
249 | --- a/ssh_config.5 | 200 | --- a/ssh_config.5 |
250 | +++ b/ssh_config.5 | 201 | +++ b/ssh_config.5 |
251 | @@ -1827,6 +1827,8 @@ The format of this file is described above. | 202 | @@ -1786,6 +1786,8 @@ The format of this file is described above. |
252 | This file is used by the SSH client. | 203 | This file is used by the SSH client. |
253 | Because of the potential for abuse, this file must have strict permissions: | 204 | Because of the potential for abuse, this file must have strict permissions: |
254 | read/write for the user, and not accessible by others. | 205 | read/write for the user, and not accessible by others. |
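Review bot: `secure_permissions()` is defined on the new side of misc.c with no comment (`+int` / `+secure_permissions(struct stat *st, uid_t uid)` directly after a blank line), although it now replaces the explicit owner and `(stp->st_mode & 022) != 0` tests in both checks of `safe_path()`. Judging by the patch's diffstat, it also backs the auth-rhosts.c, auth.c (`options.strict_modes`) and readconf.c checks. Its body lies outside the lines shown here, so the exact rule cannot be confirmed from this page. Because it relaxes a permission check that guards authentication and configuration files, the contract belongs at the definition, for example `/* Return 1 if st's owner and modes are safe for a file trusted on behalf of uid; group-writable is accepted only when the group gives no other user write access. Otherwise 0. */`, adjusted to what the body actually enforces. If the function only reads `*st`, as the visible call sites suggest, the parameter could also be `const struct stat *st` in misc.c and misc.h.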