bugzilla-daemon at mindrot.org
2003-May-06 15:48 UTC
[Bug 555] If user does a newgrp before envoking ssh, it fails with a setgid error.
http://bugzilla.mindrot.org/show_bug.cgi?id=555
Summary: If user does a newgrp before envoking ssh, it fails with
a setgid error.
Product: Portable OpenSSH
Version: older versions
Platform: UltraSparc
OS/Version: Solaris
Status: NEW
Severity: normal
Priority: P2
Component: ssh
AssignedTo: openssh-unix-dev at mindrot.org
ReportedBy: cknipe at register.com
If a user does a newgrp to change their group id to a group they are a member
of, which is not their primary group, ssh gets upset. For example:
ichernysh at ofdb02:/home.local/ichernysh$ id -a
uid=3059(ichernysh) gid=506(dba) groups=3059(ichernysh),506(dba)
ichernysh at ofdb02:/home.local/ichernysh$ newgrp dba
ichernysh at ofdb02:/home.local/ichernysh$ ssh 127.0.0.1
setgid 3059: Not owner
ichernysh at ofdb02:/home.local/ichernysh$ ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be
established.
RSA key fingerprint is 17:68:99:5f:02:ab:70:88:25:bd:88:a2:ef:96:a2:f0.
Are you sure you want to continue connecting (yes/no)?
The version of ssh in question is:
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
I realize this is fairly old, but I found no reference to this bug anywhere in
the bug reports for any version.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-May-06 16:18 UTC
[Bug 555] If user does a newgrp before envoking ssh, it fails with a setgid error.
http://bugzilla.mindrot.org/show_bug.cgi?id=555 ------- Additional Comments From wknox at mitre.org 2003-05-07 02:18 ------- This works fine for me OpenSSH 3.5p1 Solaris 8 (108528-18) GNU bash, version 2.03.0(1) ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-May-06 23:33 UTC
[Bug 555] If user does a newgrp before envoking ssh, it fails with a setgid error.
http://bugzilla.mindrot.org/show_bug.cgi?id=555 ------- Additional Comments From dtucker at zip.com.au 2003-05-07 09:33 ------- Works for me too (OpenSSH 3.6.1p2, Solaris 8, 108528-14). Newer versions of OpenSSH no longer make ssh setuid, perhaps that's the difference. $ id uid=500(dtucker) gid=500(dtucker) groups=500(dtucker),514(cvs) $ newgrp cvs $ ssh localhost dtucker at localhost's password: $ ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-May-07 13:35 UTC
[Bug 555] If user does a newgrp before envoking ssh, it fails with a setgid error.
http://bugzilla.mindrot.org/show_bug.cgi?id=555 ------- Additional Comments From cknipe at register.com 2003-05-07 23:35 ------- In that case, sorry to bother with an old bug, I'll upgrade at my next maintenance window. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2003-May-14 11:07 UTC
[Bug 555] If user does a newgrp before envoking ssh, it fails with a setgid error.
http://bugzilla.mindrot.org/show_bug.cgi?id=555
dtucker at zip.com.au changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |WORKSFORME
------- Additional Comments From dtucker at zip.com.au 2003-05-14 21:07 -------
Please re-open if you can reproduce with current versions, this seems to be OK
now.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
Maybe Matching Threads
- Bug#545318: logcheck-database: please add rule for newgrp messages
- [Bug 136] New: setgid() deemed to fail for non-suid ssh client on linux if using other than primary group
- OpenSSH-3.9p1 permanently_set_uid behavior on Linux
- rh62 suid files
- [Bug 13239] New: "rsync --times" does not keep dirs' setgid bits when user not member of setgid group