rpms/openssh
5
0
Fork 1
Code Issues Pull Requests Releases Activity

changed internal-sftp context to sftpd_t

Browse Source
This commit is contained in:
Jan F. Chadima 2009-07-17 07:06:59 +00:00
parent ca05b36451
commit 3d6b00af7e
4 changed files with 71 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
openssh-5.2p1-pathmax.patch
View File

@ -1,6 +1,6 @@
diff -up openssh-5.2p1/ssh.c.pathmax openssh-5.2p1/ssh.c diff -up openssh-5.2p1/ssh.c.pathmax openssh-5.2p1/ssh.c
--- openssh-5.2p1/ssh.c.pathmax 2009-06-29 22:13:17.251360372 +0200 --- openssh-5.2p1/ssh.c.pathmax 2009-07-08 14:23:19.000000000 +0200
+++ openssh-5.2p1/ssh.c 2009-06-29 22:14:46.036292525 +0200 +++ openssh-5.2p1/ssh.c 2009-07-08 14:26:26.000000000 +0200
@@ -49,6 +49,7 @@ @@ -49,6 +49,7 @@
#include <sys/resource.h> #include <sys/resource.h>
#include <sys/ioctl.h> #include <sys/ioctl.h>
@ -9,12 +9,39 @@ diff -up openssh-5.2p1/ssh.c.pathmax openssh-5.2p1/ssh.c
#include <ctype.h> #include <ctype.h>
#include <errno.h> #include <errno.h>
@@ -209,7 +210,7 @@ int @@ -208,8 +209,8 @@ void muxserver_listen(void);
int
main(int ac, char **av) main(int ac, char **av)
{ {
int i, opt, exit_status, use_syslog; - int i, opt, exit_status, use_syslog;
- char *p, *cp, *line, buf[256]; - char *p, *cp, *line, buf[256];
+ char *p, *cp, *line, buf[PATH_MAX]; + int i, r, opt, exit_status, use_syslog;
+ char *p, *cp, *line, buf[MAXPATHLEN];
struct stat st; struct stat st;
struct passwd *pw; struct passwd *pw;
int dummy, timeout_ms; int dummy, timeout_ms;
@@ -624,9 +625,10 @@ main(int ac, char **av)
fatal("Can't open user config file %.100s: "
"%.100s", config, strerror(errno));
} else {
- snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
+ r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
_PATH_SSH_USER_CONFFILE);
- (void)read_config_file(buf, host, &options, 1);
+ if (r > 0 && (size_t)r < sizeof(buf))
+ (void)read_config_file(buf, host, &options, 1);
/* Read systemwide configuration file after use config. */
(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
@@ -787,9 +789,9 @@ main(int ac, char **av)
* Now that we are back to our own permissions, create ~/.ssh
* directory if it doesn't already exist.
*/
- snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir,
+ r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
- if (stat(buf, &st) < 0)
+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);

20
openssh-5.2p1-selabel.patch
View File

@ -1,6 +1,6 @@
diff -up openssh-5.2p1/contrib/ssh-copy-id.selabel openssh-5.2p1/contrib/ssh-copy-id diff -up openssh-5.2p1/contrib/ssh-copy-id.selabel openssh-5.2p1/contrib/ssh-copy-id
--- openssh-5.2p1/contrib/ssh-copy-id.selabel 2009-06-29 23:43:03.514390092 +0200 --- openssh-5.2p1/contrib/ssh-copy-id.selabel 2009-01-21 10:29:21.000000000 +0100
+++ openssh-5.2p1/contrib/ssh-copy-id 2009-06-29 23:44:11.188382120 +0200 +++ openssh-5.2p1/contrib/ssh-copy-id 2009-07-08 14:28:27.000000000 +0200
@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || @@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] ||
exit 1 exit 1
fi fi
@ -11,8 +11,8 @@ diff -up openssh-5.2p1/contrib/ssh-copy-id.selabel openssh-5.2p1/contrib/ssh-cop
cat <<EOF cat <<EOF
Now try logging into the machine, with "ssh '$1'", and check in: Now try logging into the machine, with "ssh '$1'", and check in:
diff -up openssh-5.2p1/Makefile.in.selabel openssh-5.2p1/Makefile.in diff -up openssh-5.2p1/Makefile.in.selabel openssh-5.2p1/Makefile.in
--- openssh-5.2p1/Makefile.in.selabel 2009-06-29 23:38:34.224128017 +0200 --- openssh-5.2p1/Makefile.in.selabel 2009-07-08 14:28:25.000000000 +0200
+++ openssh-5.2p1/Makefile.in 2009-06-29 23:38:34.332123333 +0200 +++ openssh-5.2p1/Makefile.in 2009-07-08 14:28:27.000000000 +0200
@@ -134,7 +134,7 @@ libssh.a: $(LIBSSH_OBJS) @@ -134,7 +134,7 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@ $(RANLIB) $@
@ -23,8 +23,8 @@ diff -up openssh-5.2p1/Makefile.in.selabel openssh-5.2p1/Makefile.in
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) -lfipscheck $(LIBS) $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) -lfipscheck $(LIBS)
diff -up openssh-5.2p1/ssh.c.selabel openssh-5.2p1/ssh.c diff -up openssh-5.2p1/ssh.c.selabel openssh-5.2p1/ssh.c
--- openssh-5.2p1/ssh.c.selabel 2009-06-29 23:38:34.314132116 +0200 --- openssh-5.2p1/ssh.c.selabel 2009-07-08 14:28:27.000000000 +0200
+++ openssh-5.2p1/ssh.c 2009-06-29 23:38:34.335927287 +0200 +++ openssh-5.2p1/ssh.c 2009-07-08 14:34:00.000000000 +0200
@@ -74,6 +74,7 @@ @@ -74,6 +74,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include <openssl/fips.h> #include <openssl/fips.h>
@ -33,12 +33,12 @@ diff -up openssh-5.2p1/ssh.c.selabel openssh-5.2p1/ssh.c
#include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h" #include "openbsd-compat/sys-queue.h"
@@ -790,10 +791,15 @@ main(int ac, char **av) @@ -791,10 +792,15 @@ main(int ac, char **av)
*/ */
snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir, r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
- if (stat(buf, &st) < 0) - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
+ if (stat(buf, &st) < 0) { + if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
+ char *scon; + char *scon;
+ +
+ matchpathcon(buf, 0700, &scon); + matchpathcon(buf, 0700, &scon);

19
openssh-5.2p1-sesftp.patch Normal file
View File

@ -0,0 +1,19 @@
diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c
--- openssh-5.2p1/session.c.sesftp 2009-07-16 22:34:26.000000000 +0200
+++ openssh-5.2p1/session.c 2009-07-16 22:59:22.000000000 +0200
@@ -58,6 +58,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <selinux/selinux.h>
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
@@ -1816,6 +1817,7 @@ do_child(Session *s, const char *command
argv[i] = NULL;
optind = optreset = 1;
__progname = argv[0];
+ setcon ("system_u:system_r:sftpd_t");
exit(sftp_server_main(i, argv, s->pw));
}

12
openssh.spec
View File

@ -63,7 +63,7 @@
Summary: An open source implementation of SSH protocol versions 1 and 2 Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh Name: openssh
Version: 5.2p1 Version: 5.2p1
Release: 12%{?dist}%{?rescue_rel} Release: 14%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html URL: http://www.openssh.com/portable.html
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@ -101,6 +101,7 @@ Patch66: openssh-5.2p1-homechroot.patch
Patch67: openssh-5.2p1-xmodifiers.patch Patch67: openssh-5.2p1-xmodifiers.patch
Patch68: openssh-5.2p1-pathmax.patch Patch68: openssh-5.2p1-pathmax.patch
Patch69: openssh-5.2p1-selabel.patch Patch69: openssh-5.2p1-selabel.patch
Patch70: openssh-5.2p1-sesftp.patch
License: BSD License: BSD
Group: Applications/Internet Group: Applications/Internet
@ -236,6 +237,7 @@ an X11 passphrase dialog for OpenSSH.
%patch67 -p1 -b .xmodifiers %patch67 -p1 -b .xmodifiers
%patch68 -p1 -b .pathmax %patch68 -p1 -b .pathmax
%patch69 -p1 -b .selabel %patch69 -p1 -b .selabel
%patch70 -p1 -b .sesftp
autoreconf autoreconf
@ -470,7 +472,13 @@ fi
%endif %endif
%changelog %changelog
* Tue Jun 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-11 * Fri Jul 17 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-14
- changed internal-sftp context to sftpd_t
* Fri Jul 3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-13
- changed home length path patch to upstream version
* Tue Jun 30 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-12
- create '~/.ssh/known_hosts' within proper context - create '~/.ssh/known_hosts' within proper context
* Mon Jun 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-11 * Mon Jun 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-11