Displaying 20 results from an estimated 104 matches for "uidswap".
2015 Jun 20
3
[PATCH] Fix potential use after free in uidswap.c (portable)
Fixes a potential (but probably rather unlikely) use after free bug in
function temporarily_use_uid(), file uidswap.c.
--- a/uidswap.c
+++ b/uidswap.c
@@ -113,8 +113,9 @@ temporarily_use_uid(struct passwd *pw)
}
}
/* Set the effective uid to the given (unprivileged) uid. */
- if (setgroups(user_groupslen, user_groups) < 0)
- fatal("setgroups: %.100s&qu...
2002 May 16
3
uidswap
All,
Could someone explain the purpose of the uidswap functions with
respect to ssh (the client). From what I gathered, ssh installs as
setuid root and swaps ids when reading potential key files that may be read
only by root. Also, I think when binding to a privileged port ssh swaps
id. Is that so? What are the consequences if you do not insta...
2003 Sep 16
2
[PATCH] permanently_set_uid fails on Cygwin :-(
...vert to the saved uid unfortunately works on Cygwin though it
shouldn't. The reason is that a Windows NT process always can
revert to its previous privileges. There's no such concept of
giving up rights in a process permanently. This is only possible
for a child process.
Corinna
Index: uidswap.c
===================================================================
RCS file: /cvs/openssh_cvs/uidswap.c,v
retrieving revision 1.39
diff -p -u -r1.39 uidswap.c
--- uidswap.c 6 Sep 2003 06:44:39 -0000 1.39
+++ uidswap.c 16 Sep 2003 14:47:54 -0000
@@ -191,10 +191,12 @@ permanently_set_uid(struct pa...
2004 Sep 22
1
[PATCH] permanently_set_uid: Don't try restoring gid on Cygwin
Hi,
the below patch solves the same problem for gids as has already been
solved for uids. Windows has no concept of permanently changing the
identity. It's always possible to revert to the original identity.
Thanks,
Corinna
Index: uidswap.c
===================================================================
RCS file: /cvs/openssh_cvs/uidswap.c,v
retrieving revision 1.44
diff -p -u -r1.44 uidswap.c
--- uidswap.c 24 Feb 2004 02:17:30 -0000 1.44
+++ uidswap.c 22 Sep 2004 18:17:44 -0000
@@ -200,10 +200,12 @@ permanently_set_uid(struct p...
2005 Feb 19
0
[PATCH]: uidswap.c: Drop uid 0 check on Cygwin
...ent access token
on NT and just return 1 on 9x systems.
The advantage would be that we could remove lots of #ifdef stuff which
is just there because of these non-portable uid == 0 tests.
I would be willing to submit a patch for this, provided that it has a
chance for inclusion.
Corinna
Index: uidswap.c
===================================================================
RCS file: /cvs/openssh_cvs/uidswap.c,v
retrieving revision 1.45
diff -p -u -r1.45 uidswap.c
--- uidswap.c 19 Oct 2004 06:33:33 -0000 1.45
+++ uidswap.c 19 Feb 2005 10:33:38 -0000
@@ -56,10 +56,12 @@ temporarily_use_uid(struct pas...
2003 Sep 17
3
Use the OpenSSH 3.6 uidswap.c for building 3.7 under IRIX
[resending with uidswap.c instead of uidwrap.c]
Once I got past the missing inet_ntoa.h weirdness, I ran into an sshd
that died a lot. It appears that IRIX doesn't like some of the extra
checks added between 1.23 and 1.24 of uidswap.c. Not sure if that
constitutes an IRIX bug or not, but helpfully this helps someo...
2002 Jul 30
0
[Bug 374] New: uidswap.c doesn't compile on SCO 3.2v4.2
http://bugzilla.mindrot.org/show_bug.cgi?id=374
Summary: uidswap.c doesn't compile on SCO 3.2v4.2
Product: Portable OpenSSH
Version: -current
Platform: ix86
OS/Version: other
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: openssh-unix-dev a...
2004 Jan 13
3
[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)
http://bugzilla.mindrot.org/show_bug.cgi?id=787
Summary: Minor security problem due to use of deprecated
NGROUPS_MAX in uidswap.c (sshd)
Product: Portable OpenSSH
Version: 3.7.1p2
Platform: All
OS/Version: All
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: holger at...
2006 Apr 11
1
[Bug 1182] uid 0, gid !=0 fools defensive check in uidswap.c
http://bugzilla.mindrot.org/show_bug.cgi?id=1182
Summary: uid 0, gid !=0 fools defensive check in uidswap.c
Product: Portable OpenSSH
Version: 3.7.1p1
Platform: All
OS/Version: Linux
Status: NEW
Severity: minor
Priority: P4
Component: ssh
AssignedTo: bitbucket at mindrot.org
ReportedBy: csmith at stoneboro....
2004 Aug 29
0
uidswap.c breaks ssh when originating user is root
EHLO,
Somehow I don't think it makes any sense to test whether the
gid/egid can be changed, if the original uid happened to be
root. Root can always change the gid/egid anyhow.
So, I would like to propose the following change to 3.9p1...
--- uidswap.c.orig Sun Aug 29 15:43:57 2004
+++ uidswap.c Sun Aug 29 15:44:05 2004
@@ -201,7 +201,7 @@
#endif
/* Try restoration of GID if changed (test clearing of saved gid) */
- if (old_gid != pw->pw_gid &&
+ if (old_uid && (old_gid != pw->pw_gid) &&
(setgid(old_gid)...
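Review bot: the added `old_uid &&` guard keys on the caller's original uid, so the saved-gid restoration test is skipped for every call that starts as root, including a drop from root to an unprivileged `pw`, which is the case the comment "test clearing of saved gid" is there to verify. If the intent is only to avoid the test when the target identity is root, guard on the target instead (`pw->pw_uid != 0`), and write the comparison explicitly rather than relying on the truthiness of a uid.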
2005 Jan 26
1
Question about a recent change to uidswap.c in the portability snapshot
A change was recently introduced into uidswap.c to cover the case where
the user is root. The change is "&& pw->pw_uid != 0 &&".
/* Try restoration of GID if changed (test clearing of saved
gid) */
if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
(setgid(old_gid)...
2002 Sep 25
1
NGROUPS_MAX
...makes
the number of allowed simultaneous (per-user) secondary groups a
compile-time decision.
$ find . -name \*.c | xargs grep NGROUPS_MAX
./groupaccess.c:static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */
./groupaccess.c: gid_t groups_bygid[NGROUPS_MAX + 1];
./uidswap.c:static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX];
./uidswap.c: saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
./uidswap.c: user_groupslen = getgroups(NGROUPS_MAX, user_groups);
POSIX defined sysconf in order to avoid this.
By using sysconf(_SC_NG...
2003 Aug 14
1
setres[gu]id implicit decl warning on Linux glibc
Hi,
With recent snapshots, I noted a warning in compilation on Red Hat Linux
7.3 system with glibc 2.2.5:
uidswap.c: In function `permanently_set_uid':
uidswap.c:155: warning: implicit declaration of function `setresgid'
uidswap.c:168: warning: implicit declaration of function `setresuid'
The problem appears to be that these should be prototyped in unistd.h, but
aren't. There are no prototype...
2003 Dec 13
2
problem in uidswap?
...sshd does not appear to be functioning properly for non-root users. After connecting and providing a password, the connection is closed, and we appear to get 3 messages in syslog like the following:
fatal: permanently_set_uid: was able to restore old [e]uid
It appears this may be coming out of uidswap.c
As I mentioned, this problem does *not* occur if I'm logging in as root.
I don't know if this is relevant or not, but UsePrivilegeSeparation is set to no.
Any ideas/suggestions on this?
FYI, this problem only came up since 3.7.1p2. We had 3.6.1p2 installed previously (using openssl 0...
2002 Jul 30
0
[Bug 374] uidswap.c doesn't compile on SCO 3.2v4.2
http://bugzilla.mindrot.org/show_bug.cgi?id=374
mouring at eviladmin.org changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
------- Additional Comments From mouring at eviladmin.org
2000 Aug 02
1
IRIX 6.5.5m openssh-2.1.1p4 IRIX_AUDIT PROBLEM
...82409 geteuid 82409 anon 1
debug: Connecting to 1.2.3.4 [1.2.3.4] port 3400.
debug: Connection established.
debug: Setting sat id to 82409
error setting satid: Operation not permitted
debug: Calling cleanup 0x1003ddc0(0x0)
---END ERROR LISTING---
The actual error is generated from lines 89-95 of uidswap.c
---BEGIN UIDSWAP CODE---
82 /*
83 * Permanently sets all uids to the given uid. This cannot be
84 * called while temporarily_use_uid is effective.
85 */
86 void
87 permanently_set_uid(uid_t uid)
88 {
89 #ifdef WITH_IRIX_AUDIT
90 if (syscon...
2004 Feb 20
1
NGROUPS_MAX on Linux
...the NGROUPS_MAX limit from 32 to 64k. In doing an
audit of various tools, openssh turned up as having incorrect groups
handling. Almost no user-space apps really care about NGROUPS_MAX.
A proposed patch (untested, since the CVS build won't compile on my RH box..
:-/) :
What think?
Index: uidswap.c
===================================================================
RCS file: /cvs/openssh/uidswap.c,v
retrieving revision 1.42
diff -u -u -r1.42 uidswap.c
--- uidswap.c 17 Dec 2003 07:53:26 -0000 1.42
+++ uidswap.c 19 Feb 2004 23:50:38 -0000
@@ -38,7 +38,7 @@
/* Saved effective uid. */
static...
2000 Aug 15
0
[PATCH]: Port to Mac OS X/Darwin, misc
...arily '.'.
- fixprogs lives in $(srcdir), not necessarily '.'.
- Separate CFLAGS from CPPFLAGS, so one can override CFLAGS from the command
line without whacking include paths.
configure.in:
- Find OpenSSL install as a framework.
(-framework OpenSSL instead of -lcrypto)
uidswap.c:
- Fix apparent typo.
Index: Services/OpenSSH/openssh/Makefile.in
diff -u Services/OpenSSH/openssh/Makefile.in:1.1.1.3
Services/OpenSSH/openssh/Makefile.in:1.7
--- Services/OpenSSH/openssh/Makefile.in:1.1.1.3 Wed Jul 12 20:13:08 2000
+++ Services/OpenSSH/openssh/Makefile.in Mon Aug 14 19:36...
2001 Apr 22
1
relaxing access rights verifications
...mode & 037) != 0) ||
+ (st.st_uid != 0 && (st.st_mode & 077) != 0)) {
close(fd);
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @");
diff -ur openssh-2.5.2p2.orig/uidswap.c openssh-2.5.2p2/uidswap.c
--- openssh-2.5.2p2.orig/uidswap.c Mon Feb 26 22:39:07 2001
+++ openssh-2.5.2p2/uidswap.c Sat Apr 21 23:23:00 2001
@@ -32,6 +32,7 @@
#define SAVED_IDS_WORK_WITH_SETEUID
/* Saved effective uid. */
static uid_t saved_euid = 0;
+static gid_t saved_egid = 0;
#endif
/*...
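Review bot: the comment above the new declaration still reads "Saved effective uid." although the block now also holds `saved_egid`; update it to cover both. Note also that `saved_egid` is declared before the `#endif`, so every use of it has to sit under the same conditional, otherwise builds that take the other branch will not compile.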
2002 Jan 08
2
Compile SSH static on Solaris 2.7 (64Bit)
.../usr/local/include -DETCDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM
=\"/usr/ssh/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT
=\"/usr/ssh/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER
=\"/usr/ssh/libexec/sftp-server\" -D_PATH_SSH_PIDDIR=\"/etc/ssh\"
-DHAVE_CONFIG_H -c uidswap.c
uidswap.c: In function `temporarily_use_uid':
uidswap.c:56: warning: int format, uid_t arg (arg 2)
uidswap.c:56: warning: int format, gid_t arg (arg 3)
uidswap.c:56: warning: int format, uid_t arg (arg 4)
......
gcc -static -Wall -Wpointer-arith -Wno-uninitialized -I. -I.
-I/usr/local/include...