openssh unix dev - May 2003 - [Bug 555] If user does a newgrp before envoking ssh, it fails with a setgid error.

http://bugzilla.mindrot.org/show_bug.cgi?id=555

           Summary: If user does a newgrp before envoking ssh, it fails with
                    a setgid error.
           Product: Portable OpenSSH
           Version: older versions
          Platform: UltraSparc
        OS/Version: Solaris
            Status: NEW
          Severity: normal
          Priority: P2
         Component: ssh
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: cknipe at register.com


If a user does a newgrp to change their group id to a group they are a member 
of, which is not their primary group, ssh gets upset.  For example:

ichernysh at ofdb02:/home.local/ichernysh$ id -a
uid=3059(ichernysh) gid=506(dba) groups=3059(ichernysh),506(dba)
ichernysh at ofdb02:/home.local/ichernysh$ newgrp dba
ichernysh at ofdb02:/home.local/ichernysh$ ssh 127.0.0.1
setgid 3059: Not owner
ichernysh at ofdb02:/home.local/ichernysh$ ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be
established.
RSA key fingerprint is 17:68:99:5f:02:ab:70:88:25:bd:88:a2:ef:96:a2:f0.
Are you sure you want to continue connecting (yes/no)?

The version of ssh in question is:
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f

I realize this is fairly old, but I found no reference to this bug anywhere in 
the bug reports for any version.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=555





------- Additional Comments From wknox at mitre.org  2003-05-07 02:18 -------
This works fine for me

OpenSSH 3.5p1
Solaris 8 (108528-18)
GNU bash, version 2.03.0(1)



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=555





------- Additional Comments From dtucker at zip.com.au  2003-05-07 09:33 -------
Works for me too (OpenSSH 3.6.1p2, Solaris 8, 108528-14).

Newer versions of OpenSSH no longer make ssh setuid, perhaps that's the 
difference.

$ id
uid=500(dtucker) gid=500(dtucker) groups=500(dtucker),514(cvs)
$ newgrp cvs
$ ssh localhost
dtucker at localhost's password:
$



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=555





------- Additional Comments From cknipe at register.com  2003-05-07 23:35
-------
In that case, sorry to bother with an old bug, I'll upgrade at my next 
maintenance window.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

http://bugzilla.mindrot.org/show_bug.cgi?id=555

dtucker at zip.com.au changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |WORKSFORME



------- Additional Comments From dtucker at zip.com.au  2003-05-14 21:07 -------
Please re-open if you can reproduce with current versions, this seems to be OK 
now.



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.