From 57a4476a69e1d64d051b766b0ac9c9c3ef496864 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 20 Apr 2004 20:11:57 +1000 Subject: - djm@cvs.openbsd.org 2004/04/18 23:10:26 [readconf.c readconf.h ssh-keysign.c ssh.c] perform strict ownership and modes checks for ~/.ssh/config files, as these can be used to execute arbitrary programs; ok markus@ NB. ssh will now exit when it detects a config with poor permissions --- ssh-keysign.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'ssh-keysign.c') diff --git a/ssh-keysign.c b/ssh-keysign.c index 9e9ebe2f1..e642948a0 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -22,7 +22,7 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ #include "includes.h" -RCSID("$OpenBSD: ssh-keysign.c,v 1.15 2004/01/19 21:25:15 markus Exp $"); +RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); #include #include @@ -168,7 +168,7 @@ main(int argc, char **argv) /* verify that ssh-keysign is enabled by the admin */ original_real_uid = getuid(); /* XXX readconf.c needs this */ initialize_options(&options); - (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options); + (void)read_config_file(_PATH_HOST_CONFIG_FILE, "", &options, 0); fill_default_options(&options); if (options.enable_ssh_keysign != 1) fatal("ssh-keysign not enabled in %s", -- cgit v1.2.3 From ba6de952a00558e6d93b8c9edd81806a99716411 Mon Sep 17 00:00:00 2001 
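Review bot: The bare `0` passed as the new fourth argument to `read_config_file()` in main() is undocumented, at the one call site that gates `options.enable_ssh_keysign`. Going by the commit message it presumably switches off the new ownership and mode checks for `_PATH_HOST_CONFIG_FILE`, which is reasonable for a system-wide file but cannot be read off the literal. The `(void)` cast also means a failed read is caught only indirectly, by the `enable_ssh_keysign != 1` test that follows. I would add a comment above the call such as `/* system-wide config: ownership/mode checks not applied (last arg 0) */`. main() starts and ends outside the hunk.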
From: Darren Tucker Date: Sat, 17 Jul 2004 14:07:42 +1000 Subject: - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces diff vs OpenBSD; ok mouring@, tested by tim@ too. --- ChangeLog | 8 +++++++- logintest.c | 6 +----- openbsd-compat/bsd-misc.c | 6 +++++- scp.c | 4 ---- sftp-server.c | 4 ---- sftp.c | 4 ---- ssh-add.c | 6 ------ ssh-agent.c | 4 ---- ssh-keygen.c | 4 ---- ssh-keyscan.c | 4 ---- ssh-keysign.c | 4 ---- ssh-rand-helper.c | 6 +----- ssh.c | 4 ---- sshd.c | 4 ---- 14 files changed, 14 insertions(+), 54 deletions(-) (limited to 'ssh-keysign.c') diff --git a/ChangeLog b/ChangeLog index f6447bb86..a36c1dd22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,9 @@ +20040717 + - (dtucker) [logintest.c scp.c sftp-server.c sftp.c ssh-add.c ssh-agent.c + ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rand-helper.c ssh.c sshd.c + openbsd-compat/bsd-misc.c] Move "char *__progname" to bsd-misc.c. Reduces + diff vs OpenBSD; ok mouring@, tested by tim@ too. + 20040711 - (dtucker) [auth-pam.c] Check for zero from waitpid() too, which allows the monitor to properly clean up the PAM thread (Debian bug #252676). @@ -1503,4 +1509,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3473 2004/07/11 06:54:08 dtucker Exp $ +$Id: ChangeLog,v 1.3474 2004/07/17 04:07:42 dtucker Exp $ diff --git a/logintest.c b/logintest.c index 3f3997d10..95cce5a3a 100644 --- a/logintest.c +++ b/logintest.c @@ -43,13 +43,9 @@ #include "loginrec.h" -RCSID("$Id: logintest.c,v 1.10 2003/08/21 23:34:41 djm Exp $"); +RCSID("$Id: logintest.c,v 1.11 2004/07/17 04:07:42 dtucker Exp $"); -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif #define PAUSE_BEFORE_LOGOUT 3 
diff --git a/openbsd-compat/bsd-misc.c b/openbsd-compat/bsd-misc.c index c58cce0f4..07b7c0755 100644 --- a/openbsd-compat/bsd-misc.c +++ b/openbsd-compat/bsd-misc.c @@ -17,7 +17,11 @@ #include "includes.h" #include "xmalloc.h" -RCSID("$Id: bsd-misc.c,v 1.22 2004/06/25 04:03:34 dtucker Exp $"); +RCSID("$Id: bsd-misc.c,v 1.23 2004/07/17 04:07:42 dtucker Exp $"); + +#ifndef HAVE__PROGNAME +char *__progname; +#endif /* * NB. duplicate __progname in case it is an alias for argv[0] diff --git a/scp.c b/scp.c index e559122a1..33c5891f2 100644 --- a/scp.c +++ b/scp.c @@ -80,11 +80,7 @@ RCSID("$OpenBSD: scp.c,v 1.116 2004/07/08 12:47:21 dtucker Exp $"); #include "misc.h" #include "progressmeter.h" -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif void bwlimit(int); diff --git a/sftp-server.c b/sftp-server.c index 1ff4750ea..e82280057 100644 --- a/sftp-server.c +++ b/sftp-server.c @@ -31,11 +31,7 @@ RCSID("$OpenBSD: sftp-server.c,v 1.47 2004/06/25 05:38:48 dtucker Exp $"); #define get_string(lenp) buffer_get_string(&iqueue, lenp); #define TRACE debug -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* input and output queue */ Buffer iqueue; diff --git a/sftp.c b/sftp.c index 1bc91a16e..4002304ec 100644 --- a/sftp.c +++ b/sftp.c @@ -55,11 +55,7 @@ int sort_flag; int remote_glob(struct sftp_conn *, const char *, int, int (*)(const char *, int), glob_t *); /* proto for sftp-glob.c */ -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* Separators for interactive commands */ #define WHITESPACE " \t\r\n" diff --git a/ssh-add.c b/ssh-add.c index 709a36bc1..06a52464e 100644 --- a/ssh-add.c +++ b/ssh-add.c @@ -49,12 +49,6 @@ RCSID("$OpenBSD: ssh-add.c,v 1.70 2004/05/08 00:21:31 djm Exp $"); #include "pathnames.h" #include "misc.h" -#ifdef HAVE___PROGNAME -extern char *__progname; -#else -char *__progname; -#endif - /* argv0 */ extern char *__progname; 
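Review bot: The new guard in openbsd-compat/bsd-misc.c tests `HAVE__PROGNAME` (two underscores after HAVE), while every guard this commit removes tests `HAVE___PROGNAME` (three). Unless configure also defines a two-underscore macro, which nothing on this page shows, the `#ifndef` is always true and `char *__progname;` is defined even on platforms whose libc already provides the symbol. The guard should read `#ifndef HAVE___PROGNAME`. The logintest.c, scp.c, sftp-server.c, sftp.c, ssh-add.c, ssh-agent.c, ssh-keygen.c, ssh-keyscan.c, ssh-keysign.c, ssh-rand-helper.c, ssh.c and sshd.c hunks all now depend on this single definition through their plain `extern` declarations.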
diff --git a/ssh-agent.c b/ssh-agent.c index ea84f2196..54ab4d7a2 100644 --- a/ssh-agent.c +++ b/ssh-agent.c @@ -106,11 +106,7 @@ char socket_dir[1024]; int locked = 0; char *lock_passwd = NULL; -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* Default lifetime (0 == forever) */ static int lifetime = 0; diff --git a/ssh-keygen.c b/ssh-keygen.c index d4d19d3a1..e8e579b5d 100644 --- a/ssh-keygen.c +++ b/ssh-keygen.c @@ -76,11 +76,7 @@ int print_generic = 0; char *key_type_name = NULL; /* argv0 */ -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif char hostname[MAXHOSTNAMELEN]; diff --git a/ssh-keyscan.c b/ssh-keyscan.c index 01615b5c3..fd3185adf 100644 --- a/ssh-keyscan.c +++ b/ssh-keyscan.c @@ -49,11 +49,7 @@ int timeout = 5; int maxfd; #define MAXCON (maxfd - 10) -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif fd_set *read_wait; size_t read_wait_size; int ncon; diff --git a/ssh-keysign.c b/ssh-keysign.c index e642948a0..cf8b0c2d2 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -45,11 +45,7 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); /* XXX readconf.c needs these */ uid_t original_real_uid; -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif static int valid_request(struct passwd *pw, char *host, Key **ret, u_char *data, diff --git a/ssh-rand-helper.c b/ssh-rand-helper.c index 471e7295b..86af3893d 100644 --- a/ssh-rand-helper.c +++ b/ssh-rand-helper.c @@ -39,7 +39,7 @@ #include "pathnames.h" #include "log.h" -RCSID("$Id: ssh-rand-helper.c,v 1.17 2004/06/15 00:34:08 djm Exp $"); +RCSID("$Id: ssh-rand-helper.c,v 1.18 2004/07/17 04:07:42 dtucker Exp $"); /* Number of bytes we write out */ #define OUTPUT_SEED_SIZE 48 
@@ -63,11 +63,7 @@ RCSID("$Id: ssh-rand-helper.c,v 1.17 2004/06/15 00:34:08 djm Exp $"); # define SSH_PRNG_COMMAND_FILE SSHDIR "/ssh_prng_cmds" #endif -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif #define WHITESPACE " \t\n" diff --git a/ssh.c b/ssh.c index 767d99ca9..f0c284df0 100644 --- a/ssh.c +++ b/ssh.c @@ -76,11 +76,7 @@ RCSID("$OpenBSD: ssh.c,v 1.222 2004/06/23 14:31:01 dtucker Exp $"); #include "scard.h" #endif -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* Flag indicating whether debug mode is on. This can be set on the command line. */ int debug_flag = 0; diff --git a/sshd.c b/sshd.c index 101419bed..6df8f252a 100644 --- a/sshd.c +++ b/sshd.c @@ -103,11 +103,7 @@ int deny_severity = LOG_WARNING; #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) -#ifdef HAVE___PROGNAME extern char *__progname; -#else -char *__progname; -#endif /* Server configuration options. */ ServerOptions options; -- cgit v1.2.3 From 25f60a7ee780c2cd4a01e05698149d274821012f Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 15 Aug 2004 17:23:34 +1000 Subject: - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since it does the right thing on all platforms. ok djm@ --- ChangeLog | 6 +++++- Makefile.in | 6 +++--- ssh-keysign.c | 12 ++++++------ ssh.c | 7 +++++-- 4 files changed, 19 insertions(+), 12 deletions(-) (limited to 'ssh-keysign.c') diff --git a/ChangeLog b/ChangeLog index 00f38b465..d1936ac1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20040815 + - (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since + it does the right thing on all platforms. ok djm@ + 20040814 - (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c] Explicitly set umask for mkstemp; ok djm@ 
@@ -1631,4 +1635,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.3508 2004/08/14 14:09:11 dtucker Exp $ +$Id: ChangeLog,v 1.3509 2004/08/15 07:23:34 dtucker Exp $ diff --git a/Makefile.in b/Makefile.in index 95b431105..194da9033 100644 --- a/Makefile.in +++ b/Makefile.in @@ -1,4 +1,4 @@ -# $Id: Makefile.in,v 1.261 2004/06/23 03:21:54 mouring Exp $ +# $Id: Makefile.in,v 1.262 2004/08/15 07:23:34 dtucker Exp $ # uncomment if you run a non bourne compatable shell. Ie. csh #SHELL = @SH@ @@ -67,7 +67,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \ compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \ log.o match.o moduli.o mpaux.o nchan.o packet.o \ readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \ - atomicio.o key.o dispatch.o kex.o mac.o uuencode.o misc.o \ + atomicio.o key.o dispatch.o kex.o mac.o uidswap.c uuencode.o misc.o \ monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \ entropy.o scard-opensc.o gss-genr.o @@ -76,7 +76,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ sshconnect.o sshconnect1.o sshconnect2.o SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ - sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \ + sshpty.o sshlogin.o servconf.o serverloop.o \ auth.o auth1.o auth2.o auth-options.o session.o \ auth-chall.o auth2-chall.o groupaccess.o \ auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ diff --git a/ssh-keysign.c b/ssh-keysign.c index cf8b0c2d2..517655790 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -41,6 +41,7 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $"); #include "canohost.h" #include "pathnames.h" #include "readconf.h" +#include "uidswap.h" /* XXX readconf.c needs these */ uid_t original_real_uid; 
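Review bot: The entry added to `LIBSSH_OBJS` is `uidswap.c`, a source file, in a list where every other member is a `.o` object. Depending on how the library rule consumes that list (the rule is outside the hunk), the file is either passed along as source or never compiled. Because the same commit drops `uidswap.o` from `SSHDOBJS`, `permanently_set_uid()` may then be missing at link time for the programs that call it. The line should read `atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \`.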
@@ -150,8 +151,11 @@ main(int argc, char **argv) key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); - seteuid(getuid()); - setuid(getuid()); + if ((pw = getpwuid(getuid())) == NULL) + fatal("getpwuid failed"); + pw = pwcopy(pw); + + permanently_set_uid(pw); init_rng(); seed_rng(); @@ -173,10 +177,6 @@ main(int argc, char **argv) if (key_fd[0] == -1 && key_fd[1] == -1) fatal("could not open any host key"); - if ((pw = getpwuid(getuid())) == NULL) - fatal("getpwuid failed"); - pw = pwcopy(pw); - SSLeay_add_all_algorithms(); for (i = 0; i < 256; i++) rnd[i] = arc4random(); diff --git a/ssh.c b/ssh.c index edf8f2c5e..1419f9874 100644 --- a/ssh.c +++ b/ssh.c @@ -71,6 +71,7 @@ RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $"); #include "match.h" #include "msg.h" #include "monitor_fdpass.h" +#include "uidswap.h" #ifdef SMARTCARD #include "scard.h" @@ -644,8 +645,10 @@ again: * user's home directory if it happens to be on a NFS volume where * root is mapped to nobody. */ - seteuid(original_real_uid); - setuid(original_real_uid); + if (original_effective_uid == 0) { + PRIV_START; + permanently_set_uid(pw); + } /* * Now that we are back to our own permissions, create ~/.ssh -- cgit v1.2.3
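Review bot: The statement order in ssh-keysign's main() is now security-critical but carries no comment. The host key files are opened with the privileges the binary starts with, and `permanently_set_uid(pw)` then gives them up before `init_rng()` and the configuration parsing run. A later edit that moves the `open()` calls below the drop, or moves other work above it, would change what executes privileged with no hint at the call site. I would add `/* host keys are opened above while still privileged; drop to the invoking user for good before doing anything else */` ahead of the `getpwuid()` lookup. main() begins and ends outside the hunk.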
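Review bot: In the ssh.c hunk the permanent drop is now conditional on `original_effective_uid == 0`, whereas the removed `seteuid()`/`setuid()` pair ran unconditionally. If ssh is ever installed setuid to a non-root account, this branch is skipped and whatever uid state the earlier code left in place carries on into the rest of the session. Whether that is reachable depends on code outside the hunk. Either add an `else` that still relinquishes a non-root effective uid, or state the assumption with a comment such as `/* only a setuid-root binary has privileges left to drop here */`. The enclosing function starts and ends outside the hunk.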