openssh unix dev - Mar 2002 - [Bug 136] New: setgid() deemed to fail for non-suid ssh client on linux if using other than primary group

http://bugzilla.mindrot.org/show_bug.cgi?id=136

           Summary: setgid() deemed to fail for non-suid ssh client on linux
                    if using other than primary group
           Product: Portable OpenSSH
           Version: 3.0.2p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: daniel.mueller at tm.uka.de


On Linux (at least -- I don?t know about BSD), trying to use a
non-suid-root ssh client while having switched to a group other than
the calling user's primary group (by sg or newgrp) fails with an error
message: setgid <primary group>: Operation not permitted

Looking for the reason of the failure, I found it in the function
permanently_set_uid() in uidswap.c: It tries to set the gid to the
value from /etc/passwd, which (at least on Linux) can only succeed if
either the process has superuser privileges (the binary is installed
suid root) or the real or effective gid is already that value. If a
user is currently using a gid of a group that she is member of but
which isn't her primary group from /etc/passwd, setgid() fails.

A solution could be either 
- to do nothing in permanently_set_uid() when euid != 0 (this is
  similar to the behaviour of temporarily_use_uid()). I'll append the
  short patch for this; I'm using it as a quick solution.
- or to set the uid/gid to the real uid/gid, thereby dropping any
  privileges that a suid-non-root binary might have. This might be a
  bit cleaner and needs a little more changing (I haven't done this
  yet, but can do on demand).

Regards,
Daniel M?ller

--- uidswap.c~	Thu Aug 16 01:17:22 2001
+++ uidswap.c	Thu Mar  7 16:12:25 2002
@@ -147,6 +147,7 @@
 {
 	if (temporarily_use_uid_effective)
 		fatal("restore_uid: temporarily_use_uid effective");
+	if (geteuid() != 0) return;
 	if (setgid(pw->pw_gid) < 0)
 		fatal("setgid %u: %.100s", (u_int) pw->pw_gid, strerror(errno));
if
(setuid(pw->pw_uid) < 0)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.