Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP7:GA
openssh-askpass-gnome.21986
openssh-bsc1190975-CVE-2021-41617-authorizedkey...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch of Package openssh-askpass-gnome.21986
From 3c5af56a79da606a3510ea489f70d12091d8ea33 Mon Sep 17 00:00:00 2001 From: Ali Abdallah <aabdallah@suse.de> Date: Wed, 24 Nov 2021 13:24:47 +0100 Subject: [PATCH] CVE-2021-41617 fix backport of the following two upstream commits f3cbe43e28fe71427d41cfe3a17125b972710455 bf944e3794eff5413f2df1ef37cddf96918c6bde CVE-2021-41617 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with. --- misc.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/misc.c b/misc.c index 05950a4..e69c387 100644 --- a/misc.c +++ b/misc.c @@ -45,6 +45,7 @@ #include <string.h> #include <time.h> #include <unistd.h> +#include <grp.h> #include <netinet/in.h> #include <netinet/in_systm.h> @@ -1525,6 +1526,13 @@ subprocess(const char *tag, struct passwd *pw, const char *command, } closefrom(STDERR_FILENO + 1); + if (geteuid() == 0 && + initgroups(pw->pw_name, pw->pw_gid) == -1) { + error("%s: initgroups(%s, %u): %s", tag, + pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); + _exit(1); + } + /* Don't use permanently_set_uid() here to avoid fatal() */ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, -- 2.26.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor