search for: uidswap

Fixes a potential (but probably rather unlikely) use after free bug in function temporarily_use_uid(), file uidswap.c. --- a/uidswap.c +++ b/uidswap.c @@ -113,8 +113,9 @@ temporarily_use_uid(struct passwd *pw) } } /* Set the effective uid to the given (unprivileged) uid. */ - if (setgroups(user_groupslen, user_groups) < 0) - fatal("setgroups: %.100s&qu...

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not insta...

...vert to the saved uid unfortunately works on Cygwin though it shouldn't. The reason is that a Windows NT process always can revert to its previous privileges. There's no such concept of giving up rights in a process permanently. This is only possible for a child process. Corinna Index: uidswap.c =================================================================== RCS file: /cvs/openssh_cvs/uidswap.c,v retrieving revision 1.39 diff -p -u -r1.39 uidswap.c --- uidswap.c 6 Sep 2003 06:44:39 -0000 1.39 +++ uidswap.c 16 Sep 2003 14:47:54 -0000 @@ -191,10 +191,12 @@ permanently_set_uid(struct pa...

Hi, the below patch solves the same problem for gids as has already been solved for uids. Windows has no concept of permanently changing the identity. It's always possible to revert to the original identity. Thanks, Corinna Index: uidswap.c =================================================================== RCS file: /cvs/openssh_cvs/uidswap.c,v retrieving revision 1.44 diff -p -u -r1.44 uidswap.c --- uidswap.c 24 Feb 2004 02:17:30 -0000 1.44 +++ uidswap.c 22 Sep 2004 18:17:44 -0000 @@ -200,10 +200,12 @@ permanently_set_uid(struct p...

...ent access token on NT and just return 1 on 9x systems. The advantage would be that we could remove lots of #ifdef stuff which is just there because of these non-portable uid == 0 tests. I would be willing to submit a patch for this, provided that it has a chance for inclusion. Corinna Index: uidswap.c =================================================================== RCS file: /cvs/openssh_cvs/uidswap.c,v retrieving revision 1.45 diff -p -u -r1.45 uidswap.c --- uidswap.c 19 Oct 2004 06:33:33 -0000 1.45 +++ uidswap.c 19 Feb 2005 10:33:38 -0000 @@ -56,10 +56,12 @@ temporarily_use_uid(struct pas...

[resending with uidswap.c instead of uidwrap.c] Once I got past the missing inet_ntoa.h weirdness, I ran into an sshd that died a lot. It appears that IRIX doesn't like some of the extra checks added between 1.23 and 1.24 of uidswap.c. Not sure if that constitutes an IRIX bug or not, but helpfully this helps someo...

http://bugzilla.mindrot.org/show_bug.cgi?id=374 Summary: uidswap.c doesn't compile on SCO 3.2v4.2 Product: Portable OpenSSH Version: -current Platform: ix86 OS/Version: other Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: openssh-unix-dev a...

http://bugzilla.mindrot.org/show_bug.cgi?id=787 Summary: Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd) Product: Portable OpenSSH Version: 3.7.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org ReportedBy: holger at...

http://bugzilla.mindrot.org/show_bug.cgi?id=1182 Summary: uid 0, gid !=0 fools defensive check in uidswap.c Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P4 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy: csmith at stoneboro....

EHLO, Somehow I don't think it makes any sense to test whether the gid/egid can be changed, if the original uid happened to be root. Root can always change the gid/egid anyhow. So, I would like to propose the following change to 3.9p1... --- uidswap.c.orig Sun Aug 29 15:43:57 2004 +++ uidswap.c Sun Aug 29 15:44:05 2004 @@ -201,7 +201,7 @@ #endif /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if (old_uid && (old_gid != pw->pw_gid) && (setgid(old_gid)...

A change was recently introduced into uidswap.c to cover the case where the user is root. The change is "&& pw->pw_uid != 0 &&". /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid)...

...makes the number of allowed simultaneous (per-user) secondary groups a compile-time decision. $ find . -name \*.c | xargs grep NGROUPS_MAX ./groupaccess.c:static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ ./groupaccess.c: gid_t groups_bygid[NGROUPS_MAX + 1]; ./uidswap.c:static gid_t saved_egroups[NGROUPS_MAX], user_groups[NGROUPS_MAX]; ./uidswap.c: saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups); ./uidswap.c: user_groupslen = getgroups(NGROUPS_MAX, user_groups); POSIX defined sysconf in order to avoid this. By using sysconf(_SC_NG...

Hi, With recent snapshots, I noted a warning in compilation on Red Hat Linux 7.3 system with glibc 2.2.5: uidswap.c: In function `permanently_set_uid': uidswap.c:155: warning: implicit declaration of function `setresgid' uidswap.c:168: warning: implicit declaration of function `setresuid' The problem appears to be that these should be prototyped in unistd.h, but aren't. There are no prototype...

...sshd does not appear to be functioning properly for non-root users. After connecting and providing a password, the connection is closed, and we appear to get 3 messages in syslog like the following: fatal: permanently_set_uid: was able to restore old [e]uid It appears this may be coming out of uidswap.c As I mentioned, this problem does *not* occur if I'm logging in as root. I don't know if this is relevent or not, but UsePrivilegeSeparation is set to no. Any ideas/suggestions on this? FYI, this problem only came up since 3.7.1p2. We had 3.6.1p2 installed previously (using openssl 0...

http://bugzilla.mindrot.org/show_bug.cgi?id=374 mouring at eviladmin.org changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED ------- Additional Comments From mouring at eviladmin.org

...82409 geteuid 82409 anon 1 debug: Connecting to 1.2.3.4 [1.2.3.4] port 3400. debug: Connection established. debug: Setting sat id to 82409 error setting satid: Operation not permitted debug: Calling cleanup 0x1003ddc0(0x0) ---END ERROR LISTING--- The acutal error is generated from lines 89-95 of uidswap.c ---BEGIN UIDSWAP CODE--- 82 /* 83 * Permanently sets all uids to the given uid. This cannot be 84 * called while temporarily_use_uid is effective. 85 */ 86 void 87 permanently_set_uid(uid_t uid) 88 { 89 #ifdef WITH_IRIX_AUDIT 90 if (syscon...

...the NGROUPS_MAX limit from 32 to 64k. In doing an audit of various tools, openssh turned up as having incorrect groups handling. Almost no user-space apps really care about NGROUPS_MAX. A proposed patch (untested, since the CVS build won't compile on my RH box.. :-/) : What think? Index: uidswap.c =================================================================== RCS file: /cvs/openssh/uidswap.c,v retrieving revision 1.42 diff -u -u -r1.42 uidswap.c --- uidswap.c 17 Dec 2003 07:53:26 -0000 1.42 +++ uidswap.c 19 Feb 2004 23:50:38 -0000 @@ -38,7 +38,7 @@ /* Saved effective uid. */ static...

...arily '.'. - fixprogs lives in $(srcdir), not necessarily '.'. - Separate CFLAGS from CPPFLAGS, so one can override CFLAGS from the command line without whacking include paths. configure.in: - Find OpenSSL install as a framework. (-framework OpenSSL instead of -lcrypto) uidswap.c: - Fix apparent typo. Index: Services/OpenSSH/openssh/Makefile.in diff -u Services/OpenSSH/openssh/Makefile.in:1.1.1.3 Services/OpenSSH/openssh/Makefile.in:1.7 --- Services/OpenSSH/openssh/Makefile.in:1.1.1.3 Wed Jul 12 20:13:08 2000 +++ Services/OpenSSH/openssh/Makefile.in Mon Aug 14 19:36...

...mode & 037) != 0) || + (st.st_uid != 0 && (st.st_mode & 077) != 0)) { close(fd); error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); diff -ur openssh-2.5.2p2.orig/uidswap.c openssh-2.5.2p2/uidswap.c --- openssh-2.5.2p2.orig/uidswap.c Mon Feb 26 22:39:07 2001 +++ openssh-2.5.2p2/uidswap.c Sat Apr 21 23:23:00 2001 @@ -32,6 +32,7 @@ #define SAVED_IDS_WORK_WITH_SETEUID /* Saved effective uid. */ static uid_t saved_euid = 0; +static gid_t saved_egid = 0; #endif /*...

.../usr/local/include -DETCDIR=\"/etc/ssh\" -D_PATH_SSH_PROGRAM =\"/usr/ssh/bin/ssh\" -D_PATH_SSH_ASKPASS_DEFAULT =\"/usr/ssh/libexec/ssh-askpass\" -D_PATH_SFTP_SERVER =\"/usr/ssh/libexec/sftp-server\" -D_PATH_SSH_PIDDIR=\"/etc/ssh\" -DHAVE_CONFIG_H -c uidswap.c uidswap.c: In function `temporarily_use_uid': uidswap.c:56: warning: int format, uid_t arg (arg 2) uidswap.c:56: warning: int format, gid_t arg (arg 3) uidswap.c:56: warning: int format, uid_t arg (arg 4) ...... gcc -static -Wall -Wpointer-arith -Wno-uninitialized -I. -I. -I/usr/local/include...