bugzilla-daemon at mindrot.org
2006-Apr-11 20:57 UTC
[Bug 1182] uid 0, gid !=0 fools defensive check in uidswap.c
http://bugzilla.mindrot.org/show_bug.cgi?id=1182 Summary: uid 0, gid !=0 fools defensive check in uidswap.c Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P4 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: csmith at stoneboro.uucp.cirr.com I no longer have a test setup to check if this is still broken -- sorry -- but I thought you'd like to know about it anyway. If your uid is 0, the code in permanently_set_uid() to check if its setresgid worked properly is fooled. see bugs.gentoo.org #77915 comments 5, 6, 7. Thanks for openssh. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2006-Apr-17 12:59 UTC
[Bug 1182] uid 0, gid !=0 fools defensive check in uidswap.c
http://bugzilla.mindrot.org/show_bug.cgi?id=1182 dtucker at zip.com.au changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Comment #1 from dtucker at zip.com.au 2006-04-17 22:59 ------- Thanks, but this was fixed in 4.0p1, which had this change (uidswap.c rev 1.45): - if (old_gid != pw->pw_gid && + if (old_gid != pw->pw_gid && pw->pw_uid != 0 && Emulating your falure case ("su - root; newgrp foo") works ok. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.