openssh bugs - Oct 2014 - [Bug 2299] New: Disable uid=0 resetting test on Solaris

https://bugzilla.mindrot.org/show_bug.cgi?id=2299

            Bug ID: 2299
           Summary: Disable uid=0 resetting test on Solaris
           Product: Portable OpenSSH
           Version: 6.7p1
          Hardware: Sparc
                OS: Solaris
            Status: NEW
          Severity: normal
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: tomas.kuthan at oracle.com

Created attachment 2497
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2497&action=edit
Patch disabling uid=0 resetting test on Solaris

After the server process drops uid=0, a test is made to make sure
uid=0 cannot be reclaimed.

On Solaris, if a user is granted ALL privilege in a zone, this user
can successfully call setuid(0) and setgid(0). In this case it is
not due to a failure of dropping uid=0, sshd was started with.
Uid restoration test fails and the user is not permitted to log in.

This fix disables the check on Solaris.
For non-privileged users the inability to reclaim uid=0 is implied
from previous successful call to setresuid().
For user with ALL privilege in the zone the assertion in the test is
not correct; the ability to restore uid=0 stems from additional
privileges granted to the user.

The fix is implemented by replacing appropriate occurrences of
OS-based define HAVE_CYGWIN with functionality-based define
NO_UID_RESTORATION_TEST and defining it for Solaris and Cygwin
in configure.ac.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2299

Tomas Kuthan <tomas.kuthan at oracle.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2497|0                           |1
        is obsolete|                            |

--- Comment #1 from Tomas Kuthan <tomas.kuthan at oracle.com> ---
Created attachment 2498
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2498&action=edit
Patch disabling uid=0 resetting test on Solaris

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2299

Tomas Kuthan <tomas.kuthan at oracle.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |DUPLICATE

--- Comment #2 from Tomas Kuthan <tomas.kuthan at oracle.com> ---
resolved as a part of fine-grained privileges wad

*** This bug has been marked as a duplicate of bug 2511 ***

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2299

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.