File openssh-bsc1190975-CVE-2021-41617-authorizedkey... of Package openssh

Overview Repositories Revisions Requests Users Attributes Meta

File openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch of Package openssh

From 3c5af56a79da606a3510ea489f70d12091d8ea33 Mon Sep 17 00:00:00 2001
From: Ali Abdallah <aabdallah@suse.de>
Date: Wed, 24 Nov 2021 13:24:47 +0100
Subject: [PATCH] CVE-2021-41617 fix

backport of the following two upstream commits

f3cbe43e28fe71427d41cfe3a17125b972710455
bf944e3794eff5413f2df1ef37cddf96918c6bde

CVE-2021-41617 failed to correctly initialise supplemental groups
when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand,
where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser
directive has been set to run the command as a different user. Instead
these commands would inherit the groups that sshd(8) was started with.
---
 misc.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/misc.c b/misc.c
index 05950a4..e69c387 100644
--- a/misc.c
+++ b/misc.c
@@ -45,6 +45,7 @@
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
+#include <grp.h>
 
 #include <netinet/in.h>
 #include <netinet/in_systm.h>
@@ -1525,6 +1526,13 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
 		}
 		closefrom(STDERR_FILENO + 1);
 
+		if (geteuid() == 0 &&
+		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
+			error("%s: initgroups(%s, %u): %s", tag,
+			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
+			_exit(1);
+		}
+
 		/* Don't use permanently_set_uid() here to avoid fatal() */
 		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
-- 
2.26.2

Places

File openssh-bsc1190975-CVE-2021-41617-authorizedkeyscommand.patch of Package openssh

Places