similar to: OpenSSH-3.9p1 permanently_set_uid behavior on Linux

Hi, the below patch solves the same problem for gids as has already been solved for uids. Windows has no concept of permanently changing the identity. It's always possible to revert to the original identity. Thanks, Corinna Index: uidswap.c =================================================================== RCS file: /cvs/openssh_cvs/uidswap.c,v retrieving revision 1.44 diff -p -u -r1.44

A change was recently introduced into uidswap.c to cover the case where the user is root. The change is "&& pw->pw_uid != 0 &&". /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1))

Hello All, The changing of group for the root results in the following message with OpenSSH 3.9p1 "permanently_set_uid: was able to restore old [e]gid" The following change in uidswap.c fixes me the problem. /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + if(getgid() != pw->pw_gid && (setgid(old_gid)

http://bugzilla.mindrot.org/show_bug.cgi?id=1182 Summary: uid 0, gid !=0 fools defensive check in uidswap.c Product: Portable OpenSSH Version: 3.7.1p1 Platform: All OS/Version: Linux Status: NEW Severity: minor Priority: P4 Component: ssh AssignedTo: bitbucket at mindrot.org ReportedBy:

All, Could someone explain the purpose of the uidswap functions with respect to ssh ( the client ). From what I gathered , ssh installs as setuid root and swaps ids when reading potential key files that may be read only by root. Also , I think when binding to a privileged port ssh swaps id. Is that so? What are the consequnences if you do not install ssh setuid root? ( As far I as know no uid

EHLO, Somehow I don't think it makes any sense to test whether the gid/egid can be changed, if the original uid happened to be root. Root can always change the gid/egid anyhow. So, I would like to propose the following change to 3.9p1... --- uidswap.c.orig Sun Aug 29 15:43:57 2004 +++ uidswap.c Sun Aug 29 15:44:05 2004 @@ -201,7 +201,7 @@ #endif /* Try restoration of GID if

Package: logcheck-database Version: 1.2.69 Severity: wishlist Hello, when newgrp (part of the package login) is used, I see messages like this in my syslog: Aug 27 23:36:16 debian64 newgrp[1975]: user `root' (login `root' on tty1) switched to group `backup' Aug 27 19:28:15 srv1 newgrp[10082]: user `root' (login `mazur' on pts/1) switched to group `backup' Aug 27

So I discovered yesterday that if puppet changes the gid of a group it doesn''t go through the file system and update them with the new correct gid (at least this was the case on RHEL5 and client puppet v2.6.16 and puppetmaster 2.7.12). Now I thought that it might be possible to have puppet execute something like find /home/ -group <old_gid> | xargs chgrp groupname. However

the stat() on which file? On Wed, Apr 04, 2001 at 02:06:56PM +0200, Jan Just Keijser wrote: > hmmm, I found the problem and managed to fix it, but I am not sure if this > isn't broken: > > using gdb, I found that sshd fails to stat the 'authorized_keys' files, > which was in /local/home/janjust/.ssh/authorized_keys. Here were the > permissions for the directories

Hello, I have tried running OpenSSH 3.7.1p2 on an Indy running IRIX 5.3. It compiled and installed without any problems. However, I get the fatal error, which originates from uidswap.c in function permanently_set_uid(): fatal: permanently_set_uid: was able to restore old [e]uid This happens even if "UsePrivilegeSeparation no" is used in sshd_config. It seems to be a problem

http://bugzilla.mindrot.org/show_bug.cgi?id=555 Summary: If user does a newgrp before envoking ssh, it fails with a setgid error. Product: Portable OpenSSH Version: older versions Platform: UltraSparc OS/Version: Solaris Status: NEW Severity: normal Priority: P2 Component: ssh

Hi, I'm terribly sorry that I missed this before 3.7p1 was out. The permanently_set_uid() function fails on Cygwin since the test to revert to the saved uid unfortunately works on Cygwin though it shouldn't. The reason is that a Windows NT process always can revert to its previous privileges. There's no such concept of giving up rights in a process permanently. This is only

ok after fighting to get my groups sorted out for my test user I created an "sudoer" group and added "jefftest" to "sudoer" > id jefftest uid=11507(jefftest) gid=8513(domain users) groups=8513(domain users),31020(sudoer) and added "sudoer" to /etc/sudoers like so %sudoer ALL=(ALL) ALL now when I login as jefftest I can run commands using sudo back to

So happy for BadLock bug it finally pushed Ubuntu to upgrade samba :-) So many things work better * I can now sudo without having to newgrp first * I can now run id and get a list of all groups I am in * I can now run getent group and get a list of the domain groups but I now have two unexpected groups running the following I get id | sed 's/,/\n/g' | sort > id_without.txt id $USER

Hi all ! This is a patch for Group mapping bug #1 reported here : http://lists.samba.org/archive/samba-technical/2004-January/034057.html It activates users' primary group SID update when adding/modifying/deleting a group mapping. It patches utils/net_groupmap.c (net_groupmap_add, net_groupmap_modify, net_groupmap_delete) and can be applied to samba-3.0.2rc1. net_groupmap_add : Scan users

Hi everybody, Is someone can confirm me that there are 2 bugs never fixed: - first in the stat command. Only with the -x option. If you execute stat -x on /tmp or /usr/bin/passwd parameters for example, the numeric representation of mode is wrong. The "special" bits are always 0. No suid-bit, no sticky bit! - Second. Because of a missing suid-bit on the newgrp command, this

http://bugzilla.mindrot.org/show_bug.cgi?id=826 Summary: RFE: scp and ssh should have an option to set the group- id at login time Product: Portable OpenSSH Version: 3.8p1 Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Miscellaneous

An hour of my life disapeared and my beautiful uptime was rebooted and it was fixed by reading http://serverfault.com/questions/98900/is-a-reboot-required-to-refresh-permissio ns-after-adding-a-user-to-a-new-group #/home is mounted from a NFS export [jpyeron at node000 ~]$ cat /tmp/jobs/foo.txt ~jobs/test.txt ~jobs/userstest.txt afasdasd cat: /home/jobs/test.txt: Permission denied Sun May 5

http://bugzilla.mindrot.org/show_bug.cgi?id=136 Summary: setgid() deemed to fail for non-suid ssh client on linux if using other than primary group Product: Portable OpenSSH Version: 3.0.2p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: ssh

http://bugzilla.mindrot.org/show_bug.cgi?id=674 Summary: permanently_set_uid() doesn't work on BSDI 4.0.1 Product: Portable OpenSSH Version: 3.7p1 Platform: ix86 OS/Version: BSDI Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: openssh-bugs at mindrot.org