Aloha,

I'm curious about the following code at line 203 in uidswap.c:

    /* Try restoration of GID if changed (test clearing of saved gid) */
    if (old_gid != pw->pw_gid &&
        (setgid(old_gid) != -1 || setegid(old_gid) != -1))
            fatal("%s: was able to restore old [e]gid", __func__);

This causes permanently_set_uid to fail in the following case:

$ su
Password: ????????
# newgrp bin
# ssh remotehost
permanently_set_uid: was able to restore old [e]gid
#

Is this the desired behavior or should the code special case running as root?

- Glen Nakamura
On Fri, 27 Aug 2004 08:42:48 -1000, Glen Nakamura wrote:
>$ su
>Password: ????????
># newgrp bin
># ssh remotehost
>permanently_set_uid: was able to restore old [e]gid
>#
>
>Is this the desired behavior or should the code special case running as
>root?

Darren posted a patch in comp.security.ssh which helped me with this. Go to groups.google.com and search for msgid:cge5kt$grt$1 at gate.dodgy.net.au

Regards,
Robert
Glen Nakamura wrote:
> I'm curious about the following code at line 203 in uidswap.c:
>
>     /* Try restoration of GID if changed (test clearing of saved gid) */
>     if (old_gid != pw->pw_gid &&
>         (setgid(old_gid) != -1 || setegid(old_gid) != -1))
>             fatal("%s: was able to restore old [e]gid", __func__);
>
> This causes permanently_set_uid to fail in the following case:
>
> $ su
> Password: ????????
> # newgrp bin
> # ssh remotehost
> permanently_set_uid: was able to restore old [e]gid
> #
>
> Is this the desired behavior or should the code special case running as root?

It's desired behaviour for permanently_set_uid(), but it should be special-cased in ssh and ssh-keysign (because uid==0 *is* special: unlike most uids it can set its gid to whatever it wants).

I think something like the attached is needed (applies to -current but the changes are simple to backport to 3.9p1).

--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-ssh-ruid2.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20040829/79a91ce3/attachment.ksh
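Added example, not part of the thread and not the attached patch (whose contents are not shown on this page): a stand-alone C program showing a permanent id drop with the restore test quoted above, and why that test always trips for uid 0 once the gid has changed. The helper names drop_ids_permanently and drop_to_passwd_ids are hypothetical, and skipping the drop when the real uid is 0 is an assumption about how a caller could special-case root.

```c
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper, modelled on the check quoted in the thread (not
 * OpenSSH's permanently_set_uid). Returns 0 on success, -1 on failure;
 * a real program should abort on -1 rather than continue. */
int drop_ids_permanently(uid_t uid, gid_t gid)
{
	uid_t old_uid = getuid();
	gid_t old_gid = getgid();

	/* Group first: once the uid has changed we may no longer be allowed to. */
	if (setgid(gid) == -1 || setuid(uid) == -1)
		return -1;

	/* Restore test: getting the old gid back means the saved gid was not
	 * cleared. With uid 0 it always "succeeds", since root may set any gid. */
	if (old_gid != gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1))
		return -1;
	if (old_uid != uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
		return -1;

	/* Real and effective ids must now be exactly the requested ones. */
	if (getgid() != gid || getegid() != gid ||
	    getuid() != uid || geteuid() != uid)
		return -1;
	return 0;
}

/* Caller-side special case (assumption, not the attached patch): a process
 * whose real uid is already 0 is not dropping root at all, so skip the
 * drop instead of tripping the restore test after e.g. "newgrp bin". */
int drop_to_passwd_ids(uid_t pw_uid, gid_t pw_gid)
{
	if (getuid() == 0)
		return 0;
	return drop_ids_permanently(pw_uid, pw_gid);
}

int main(void)
{
	/* Constructed input: the caller's own ids stand in for a passwd entry. */
	printf("drop_to_passwd_ids: %d\n", drop_to_passwd_ids(getuid(), getgid()));
	return 0;
}
```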