aboutsummaryrefslogtreecommitdiffstats
path: root/security/openssh
diff options
context:
space:
mode:
authordinoex <dinoex@FreeBSD.org>2001-06-09 12:59:10 +0800
committerdinoex <dinoex@FreeBSD.org>2001-06-09 12:59:10 +0800
commit7e263f6a15bdcdfbf78be6982a8df1e3869ed2c5 (patch)
tree74c5cc04b24c7c2787b5c788ecbfaad048547441 /security/openssh
parent07ad2d09150552805a5f99ad8cd47024325ca9a7 (diff)
downloadfreebsd-ports-gnome-7e263f6a15bdcdfbf78be6982a8df1e3869ed2c5.tar.gz
freebsd-ports-gnome-7e263f6a15bdcdfbf78be6982a8df1e3869ed2c5.tar.zst
freebsd-ports-gnome-7e263f6a15bdcdfbf78be6982a8df1e3869ed2c5.zip
- Switch to the user's uid before attempting to unlink the auth forwarding
file, nullifying the effects of a race. - Bump PORTREVISION Submitted by: green@FreeBSD.org
Diffstat (limited to 'security/openssh')
-rw-r--r--security/openssh/Makefile1
-rw-r--r--security/openssh/files/patch-cookie193
2 files changed, 194 insertions, 0 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index ba63f71b0661..27bd8783b745 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -7,6 +7,7 @@
PORTNAME= OpenSSH
PORTVERSION= 2.9
+RTREVISION= 1
CATEGORIES= security
MASTER_SITES= ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/ \
ftp://ftp.usa.openbsd.org/pub/OpenBSD/OpenSSH/ \
diff --git a/security/openssh/files/patch-cookie b/security/openssh/files/patch-cookie
new file mode 100644
index 000000000000..92cc4ab7570d
--- /dev/null
+++ b/security/openssh/files/patch-cookie
@@ -0,0 +1,193 @@
+--- channels.c.orig Tue Apr 17 14:55:03 2001
++++ channels.c Sat Jun 9 06:43:41 2001
+@@ -1612,7 +1612,7 @@
+ switch (channels[i].type) {
+ case SSH_CHANNEL_AUTH_SOCKET:
+ close(channels[i].sock);
+- unlink(channels[i].path);
++ /* auth_sock_cleanup_proc deletes the socket */
+ channel_free(i);
+ break;
+ case SSH_CHANNEL_PORT_LISTENER:
+@@ -2524,10 +2524,17 @@
+ /* removes the agent forwarding socket */
+
+ void
+-cleanup_socket(void)
++auth_sock_cleanup_proc(void *_pw)
+ {
+- unlink(channel_forwarded_auth_socket_name);
+- rmdir(channel_forwarded_auth_socket_dir);
++ struct passwd *pw = _pw;
++
++ if (channel_forwarded_auth_socket_name) {
++ temporarily_use_uid(pw);
++ unlink(channel_forwarded_auth_socket_name);
++ rmdir(channel_forwarded_auth_socket_dir);
++ channel_forwarded_auth_socket_name = NULL;
++ restore_uid();
++ }
+ }
+
+ /*
+@@ -2566,11 +2573,9 @@
+ snprintf(channel_forwarded_auth_socket_name, MAX_SOCKET_NAME, "%s/agent.%d",
+ channel_forwarded_auth_socket_dir, (int) getpid());
+
+- if (atexit(cleanup_socket) < 0) {
+- int saved = errno;
+- cleanup_socket();
+- packet_disconnect("socket: %.100s", strerror(saved));
+- }
++ /* delete agent socket on fatal() */
++ fatal_add_cleanup(auth_sock_cleanup_proc, pw);
++
+ /* Create the socket. */
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0)
+--- channels.h.orig Sat Apr 14 00:46:53 2001
++++ channels.h Sat Jun 9 06:43:41 2001
+@@ -303,6 +303,7 @@
+ void auth_input_open_request(int type, int plen, void *ctxt);
+
+ /* XXX */
++void auth_sock_cleanup_proc(void *pw);
+ int channel_connect_to(const char *host, u_short host_port);
+ int channel_connect_by_listen_adress(u_short listen_port);
+ int x11_connect_display(void);
+--- session.c.orig Sat Jun 9 06:43:40 2001
++++ session.c Sat Jun 9 06:43:41 2001
+@@ -101,6 +101,7 @@
+ void do_child(Session *s, const char *command);
+ void do_motd(void);
+ int check_quietlogin(Session *s, const char *command);
++void xauthfile_cleanup_proc(void *pw);
+
+ void do_authenticated1(Authctxt *authctxt);
+ void do_authenticated2(Authctxt *authctxt);
+@@ -160,18 +161,26 @@
+ do_authenticated2(authctxt);
+ else
+ do_authenticated1(authctxt);
++
++ /* remote user's local Xauthority file and agent socket */
++ if (xauthfile)
++ xauthfile_cleanup_proc(authctxt->pw);
++ if (auth_get_socket_name())
++ auth_sock_cleanup_proc(authctxt->pw);
+ }
+
+ /*
+ * Remove local Xauthority file.
+ */
+ void
+-xauthfile_cleanup_proc(void *ignore)
++xauthfile_cleanup_proc(void *_pw)
+ {
+- debug("xauthfile_cleanup_proc called");
++ struct passwd *pw = _pw;
++ char *p;
+
++ debug("xauthfile_cleanup_proc called");
+ if (xauthfile != NULL) {
+- char *p;
++ temporarily_use_uid(pw);
+ unlink(xauthfile);
+ p = strrchr(xauthfile, '/');
+ if (p != NULL) {
+@@ -180,6 +189,7 @@
+ }
+ xfree(xauthfile);
+ xauthfile = NULL;
++ restore_uid();
+ }
+ }
+
+@@ -218,6 +228,7 @@
+ int success, type, fd, n_bytes, plen, screen_flag, have_pty = 0;
+ int compression_level = 0, enable_compression_after_reply = 0;
+ u_int proto_len, data_len, dlen;
++ struct stat st;
+
+ s = session_new();
+ s->pw = authctxt->pw;
+@@ -300,7 +311,8 @@
+ packet_send_debug("X11 forwarding disabled in server configuration file.");
+ break;
+ }
+- if (!options.xauth_location) {
++ if (!options.xauth_location ||
++ (stat(options.xauth_location, &st) == -1)) {
+ packet_send_debug("No xauth program; cannot forward with spoofing.");
+ break;
+ }
+@@ -354,7 +366,7 @@
+ if (fd >= 0)
+ close(fd);
+ restore_uid();
+- fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
++ fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
+ success = 1;
+ break;
+
+@@ -408,9 +420,6 @@
+
+ if (command != NULL)
+ xfree(command);
+- /* Cleanup user's local Xauthority file. */
+- if (xauthfile)
+- xauthfile_cleanup_proc(NULL);
+ return;
+
+ default:
+@@ -1113,10 +1122,11 @@
+ #endif /* __FreeBSD__ */
+ /* ignore _PATH_SSH_USER_RC for subsystems */
+ if (!s->is_subsystem && (stat(_PATH_SSH_USER_RC, &st) >= 0)) {
++ snprintf(cmd, sizeof cmd, "%s -c '%s %s'",
++ shell, _PATH_BSHELL, _PATH_SSH_USER_RC);
+ if (debug_flag)
+- fprintf(stderr, "Running %s %s\n", _PATH_BSHELL,
+- _PATH_SSH_USER_RC);
+- f = popen(_PATH_BSHELL " " _PATH_SSH_USER_RC, "w");
++ fprintf(stderr, "Running %s\n", cmd);
++ f = popen(cmd, "w");
+ if (f) {
+ if (do_xauth)
+ fprintf(f, "%s %s\n", s->auth_proto,
+@@ -1433,6 +1443,7 @@
+ session_x11_req(Session *s)
+ {
+ int fd;
++ struct stat st;
+ if (no_x11_forwarding_flag) {
+ debug("X11 forwarding disabled in user configuration file.");
+ return 0;
+@@ -1441,6 +1452,11 @@
+ debug("X11 forwarding disabled in server configuration file.");
+ return 0;
+ }
++ if (!options.xauth_location ||
++ (stat(options.xauth_location, &st) == -1)) {
++ packet_send_debug("No xauth program; cannot forward with spoofing.");
++ return 0;
++ }
+ if (xauthfile != NULL) {
+ debug("X11 fwd already started.");
+ return 0;
+@@ -1481,7 +1497,7 @@
+ if (fd >= 0)
+ close(fd);
+ restore_uid();
+- fatal_add_cleanup(xauthfile_cleanup_proc, s);
++ fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
+ return 1;
+ }
+
+@@ -1775,6 +1791,4 @@
+ {
+
+ server_loop2();
+- if (xauthfile)
+- xauthfile_cleanup_proc(NULL);
+ }