OpenSSH 3.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.3: ============================ Security Changes: ================ All versions of OpenSSH's sshd between 2.9.9 and 3.3 contain an input validation error that can result in an integer overflow and privilege escalation. OpenSSH 3.4 fixes this bug. In addition, OpenSSH 3.4 adds many checks to detect invalid input and mitigate resource exhaustion attacks. OpenSSH 3.2 and later prevent privilege escalation if UsePrivilegeSeparation is enabled in sshd_config. OpenSSH 3.3 enables UsePrivilegeSeparation by default. Reporting Bugs: ============== - please read http://www.openssh.com/report.html and http://bugzilla.mindrot.org/ OpenSSH is brought to you by Markus Friedl, Niels Provos, Theo de Raadt, Kevin Steves, Damien Miller and Ben Lindstrom.
On Wed, Jun 26, 2002 at 04:40:31PM +0200, Markus Friedl wrote:> OpenSSH 3.4 has just been released. It will be available from the > mirrors listed at http://www.openssh.com/ shortly. > [...] > In addition, OpenSSH 3.4 adds many checks to detect > invalid input and mitigate resource exhaustion attacks.Cool. This version introduces a new error: --- sshd.c.orig 2002-06-26 18:21:03.000000000 +0200 +++ sshd.c 2002-06-26 18:20:55.000000000 +0200 @@ -1035,7 +1035,13 @@ main(int ac, char **av) (S_ISDIR(st.st_mode) == 0)) fatal("Missing privilege separation directory: %s", _PATH_PRIVSEP_CHROOT_DIR); +#ifdef HAVE_CYGWIN + if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) && + (st.st_uid != getuid () || + (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) +#else if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) +#endif fatal("Bad owner or mode for %s", _PATH_PRIVSEP_CHROOT_DIR); } I really wanted to test Ben's test version but there's also a time for sleep and when I tried to download that testversion it was already unavailable. Thanks, Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com
Sigh... Even though it is listed on all the mirror site web pages, openssh-3.4p1.tar.gz is not actually on the ftp sites. The only location that pretends to have it available is ftp.openbsd.org and there the transfer hangs... Bob
On Wed, Jun 26, 2002 at 06:21:03PM +0200, Corinna Vinschen wrote:> --- sshd.c.orig 2002-06-26 18:21:03.000000000 +0200 > +++ sshd.c 2002-06-26 18:20:55.000000000 +0200 > @@ -1035,7 +1035,13 @@ main(int ac, char **av) > (S_ISDIR(st.st_mode) == 0)) > fatal("Missing privilege separation directory: %s", > _PATH_PRIVSEP_CHROOT_DIR); > +#ifdef HAVE_CYGWIN > + if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) && > + (st.st_uid != getuid () || > + (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) > +#else > if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) > +#endif > fatal("Bad owner or mode for %s", > _PATH_PRIVSEP_CHROOT_DIR); > }Hi, is that patch ok to get into the sources or should it be changed somehow? Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com
Maybe Matching Threads
- [PATCH]: Add check_ntsec to ownership/mode tests
- pty_setowner and tty permissions
- [PATCH]: Allow SSHD to install as service under WIndows 9x/Me
- [PATCH 2/2] Cygwin: implement case-insensitive Unicode user and group name matching
- [PATCH]: Fix potential security hole in Cygwin version