fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
is not running, most probably not exploitable
update pam_ssh_agent_auth to 0.9.3 upstream version
parent
c4fd069940
commit
4f4687ce80
1
.gitignore
vendored
1
.gitignore
vendored
@ -5,3 +5,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
|
|||||||
/openssh-5.8p1-noacss.tar.bz2
|
/openssh-5.8p1-noacss.tar.bz2
|
||||||
/openssh-5.8p2-noacss.tar.bz2
|
/openssh-5.8p2-noacss.tar.bz2
|
||||||
/openssh-5.9p1-noacss.tar.bz2
|
/openssh-5.9p1-noacss.tar.bz2
|
||||||
|
/pam_ssh_agent_auth-0.9.3.tar.bz2
|
||||||
|
22
openssh.spec
22
openssh.spec
@ -75,9 +75,9 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%define openssh_ver 5.9p1
|
%define openssh_ver 5.9p1
|
||||||
%define openssh_rel 22
|
%define openssh_rel 23
|
||||||
%define pam_ssh_agent_ver 0.9.2
|
%define pam_ssh_agent_ver 0.9.3
|
||||||
%define pam_ssh_agent_rel 32
|
%define pam_ssh_agent_rel 1
|
||||||
|
|
||||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
@ -134,8 +134,12 @@ Patch204: openssh-5.9p1-audit4.patch
|
|||||||
Patch205: openssh-5.9p1-audit5.patch
|
Patch205: openssh-5.9p1-audit5.patch
|
||||||
|
|
||||||
# --- pam_ssh-agent ---
|
# --- pam_ssh-agent ---
|
||||||
Patch300: pam_ssh_agent_auth-0.9-build.patch
|
# make it build reusing the openssh sources
|
||||||
|
Patch300: pam_ssh_agent_auth-0.9.3-build.patch
|
||||||
|
# check return value of seteuid()
|
||||||
Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch
|
Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch
|
||||||
|
# explicitly make pam callbacks visible
|
||||||
|
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
|
||||||
|
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
|
||||||
Patch400: openssh-5.9p1-role.patch
|
Patch400: openssh-5.9p1-role.patch
|
||||||
@ -410,6 +414,7 @@ The module is most useful for su and sudo service stacks.
|
|||||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||||
%patch300 -p1 -b .psaa-build
|
%patch300 -p1 -b .psaa-build
|
||||||
%patch301 -p1 -b .psaa-seteuid
|
%patch301 -p1 -b .psaa-seteuid
|
||||||
|
%patch302 -p1 -b .psaa-visibility
|
||||||
# Remove duplicate headers
|
# Remove duplicate headers
|
||||||
rm -f $(cat %{SOURCE5})
|
rm -f $(cat %{SOURCE5})
|
||||||
popd
|
popd
|
||||||
@ -471,7 +476,9 @@ autoreconf
|
|||||||
popd
|
popd
|
||||||
|
|
||||||
%build
|
%build
|
||||||
CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
|
# the -fvisibility=hidden is needed for clean build of the pam_ssh_agent_auth
|
||||||
|
# and it makes the ssh build more clean and even optimized better
|
||||||
|
CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"; export CFLAGS
|
||||||
%if %{rescue}
|
%if %{rescue}
|
||||||
CFLAGS="$CFLAGS -Os"
|
CFLAGS="$CFLAGS -Os"
|
||||||
%endif
|
%endif
|
||||||
@ -796,6 +803,11 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Fri Jun 22 2012 Tomas Mraz <tmraz@redhat.com> 5.9p1-23 + 0.9.3-1
|
||||||
|
- fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
|
||||||
|
is not running, most probably not exploitable
|
||||||
|
- update pam_ssh_agent_auth to 0.9.3 upstream version
|
||||||
|
|
||||||
* Fri Apr 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-22 + 0.9.2-32
|
* Fri Apr 06 2012 Petr Lautrbach <plautrba@redhat.com> 5.9p1-22 + 0.9.2-32
|
||||||
- don't create RSA1 key in FIPS mode
|
- don't create RSA1 key in FIPS mode
|
||||||
- don't install sshd-keygen.service (#810419)
|
- don't install sshd-keygen.service (#810419)
|
||||||
|
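Review bot: The comment added above the new `CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"` line in %build justifies the flag only as a cleaner, better-optimized build, while the changelog entry in this same section attributes a segfault fix in su to this release. If hiding the module's internal symbols from the calling process is what prevents the crash (inferred, the page does not show the crash analysis), the comment should say so, so that the flag is not later dropped as cosmetic. Something like `# -fvisibility=hidden keeps pam_ssh_agent_auth internals from clashing with symbols of the calling program (su, sudo); do not remove` would record that. Separately, Patch301 and Patch302 keep 0.9.2 in their file names although they are now applied to the 0.9.3 tree, whereas Patch300 was renamed; a short comment or a matching rename would avoid confusion.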
21
pam_ssh_agent_auth-0.9.2-visibility.patch
Normal file
21
pam_ssh_agent_auth-0.9.2-visibility.patch
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
diff -up pam_ssh_agent_auth-0.9.2/pam_ssh_agent_auth.c.visibility pam_ssh_agent_auth-0.9.2/pam_ssh_agent_auth.c
|
||||||
|
--- pam_ssh_agent_auth-0.9.2/pam_ssh_agent_auth.c.visibility 2009-12-21 20:57:34.000000000 +0100
|
||||||
|
+++ pam_ssh_agent_auth-0.9.2/pam_ssh_agent_auth.c 2012-06-21 20:01:31.356259429 +0200
|
||||||
|
@@ -68,7 +68,7 @@ char *__progname;
|
||||||
|
extern char *__progname;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
-PAM_EXTERN int
|
||||||
|
+PAM_EXTERN int __attribute__ ((visibility ("default")))
|
||||||
|
pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
|
||||||
|
{
|
||||||
|
char **argv_ptr;
|
||||||
|
@@ -184,7 +184,7 @@ pam_sm_authenticate(pam_handle_t * pamh,
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
-PAM_EXTERN int
|
||||||
|
+PAM_EXTERN int __attribute__ ((visibility ("default")))
|
||||||
|
pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
|
||||||
|
{
|
||||||
|
return PAM_SUCCESS;
|
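Review bot: Only pam_sm_authenticate and pam_sm_setcred receive default visibility here, so once the spec builds with -fvisibility=hidden every other function in the module stops being exported. If pam_ssh_agent_auth.c defines further PAM entry points outside these two hunks (not visible on this page), they need the same `__attribute__ ((visibility ("default")))`, otherwise libpam cannot resolve them. A build-time check that runs `nm -D --defined-only` on the built module and expects exactly the intended pam_sm_* symbols would catch both a missing export and a leaked internal symbol. Both function bodies continue outside the hunks.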
@ -1,7 +1,7 @@
|
|||||||
diff -up pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c
|
diff -up pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c
|
||||||
--- pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build 2009-08-08 11:51:04.000000000 +0200
|
--- pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c.psaa-build 2010-01-13 03:17:01.000000000 +0100
|
||||||
+++ pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c 2009-10-16 15:20:55.000000000 +0200
|
+++ pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c 2012-06-21 20:14:56.432527764 +0200
|
||||||
@@ -41,7 +41,16 @@
|
@@ -37,7 +37,16 @@
|
||||||
#include "buffer.h"
|
#include "buffer.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "authfd.h"
|
#include "authfd.h"
|
||||||
@ -18,7 +18,7 @@ diff -up pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agen
|
|||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
|
|
||||||
#include "userauth_pubkey_from_id.h"
|
#include "userauth_pubkey_from_id.h"
|
||||||
@@ -73,6 +82,96 @@ session_id2_gen()
|
@@ -69,6 +78,96 @@ session_id2_gen()
|
||||||
return cookie;
|
return cookie;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -115,7 +115,7 @@ diff -up pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agen
|
|||||||
int
|
int
|
||||||
find_authorized_keys(uid_t uid)
|
find_authorized_keys(uid_t uid)
|
||||||
{
|
{
|
||||||
@@ -85,7 +184,7 @@ find_authorized_keys(uid_t uid)
|
@@ -81,7 +180,7 @@ find_authorized_keys(uid_t uid)
|
||||||
OpenSSL_add_all_digests();
|
OpenSSL_add_all_digests();
|
||||||
session_id2 = session_id2_gen();
|
session_id2 = session_id2_gen();
|
||||||
|
|
||||||
@ -124,14 +124,14 @@ diff -up pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agen
|
|||||||
verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid);
|
verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid);
|
||||||
for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2))
|
for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2))
|
||||||
{
|
{
|
||||||
@@ -113,3 +212,4 @@ find_authorized_keys(uid_t uid)
|
@@ -109,3 +208,4 @@ find_authorized_keys(uid_t uid)
|
||||||
EVP_cleanup();
|
EVP_cleanup();
|
||||||
return retval;
|
return retval;
|
||||||
}
|
}
|
||||||
+
|
+
|
||||||
diff -up pam_ssh_agent_auth-0.9/Makefile.in.psaa-build pam_ssh_agent_auth-0.9/Makefile.in
|
diff -up pam_ssh_agent_auth-0.9.3/Makefile.in.psaa-build pam_ssh_agent_auth-0.9.3/Makefile.in
|
||||||
--- pam_ssh_agent_auth-0.9/Makefile.in.psaa-build 2009-08-06 07:40:16.000000000 +0200
|
--- pam_ssh_agent_auth-0.9.3/Makefile.in.psaa-build 2009-10-27 21:19:41.000000000 +0100
|
||||||
+++ pam_ssh_agent_auth-0.9/Makefile.in 2009-10-16 15:20:55.000000000 +0200
|
+++ pam_ssh_agent_auth-0.9.3/Makefile.in 2012-06-21 20:14:56.432527764 +0200
|
||||||
@@ -28,7 +28,7 @@ PATHS=
|
@@ -28,7 +28,7 @@ PATHS=
|
||||||
CC=@CC@
|
CC=@CC@
|
||||||
LD=@LD@
|
LD=@LD@
|
||||||
@ -176,15 +176,4 @@ diff -up pam_ssh_agent_auth-0.9/Makefile.in.psaa-build pam_ssh_agent_auth-0.9/Ma
|
|||||||
|
|
||||||
$(MANPAGES): $(MANPAGES_IN)
|
$(MANPAGES): $(MANPAGES_IN)
|
||||||
pod2man --section=8 --release=v0.8 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8
|
pod2man --section=8 --release=v0.8 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8
|
||||||
diff -up pam_ssh_agent_auth-0.9/pam_user_authorized_keys.c.psaa-build pam_ssh_agent_auth-0.9/pam_user_authorized_keys.c
|
diff -up pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c.psaa-build pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c
|
||||||
--- pam_ssh_agent_auth-0.9/pam_user_authorized_keys.c.psaa-build 2009-07-29 02:46:38.000000000 +0200
|
|
||||||
+++ pam_ssh_agent_auth-0.9/pam_user_authorized_keys.c 2009-10-16 15:50:36.000000000 +0200
|
|
||||||
@@ -94,7 +94,7 @@ parse_authorized_key_file(const char *us
|
|
||||||
/*
|
|
||||||
* temporary copy, so that both tilde expansion and percent expansion both get to apply to the path
|
|
||||||
*/
|
|
||||||
- strncat(auth_keys_file_buf, authorized_keys_file_input, 4096);
|
|
||||||
+ strncat(auth_keys_file_buf, authorized_keys_file_input, sizeof(auth_keys_file_buf)-1);
|
|
||||||
|
|
||||||
if(allow_user_owned_authorized_keys_file)
|
|
||||||
authorized_keys_file_allowed_owner_uid = getpwnam(user)->pw_uid;
|
|
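Review bot: The last hunk drops the pam_user_authorized_keys.c part of the build patch, which had replaced the `strncat(..., 4096)` bound with `sizeof(auth_keys_file_buf)-1`, and nothing on this page shows that the 0.9.3 upstream source carries an equivalent bound. That should be confirmed against the 0.9.3 tarball before relying on the removal. When checking, note that the third argument of strncat limits the bytes appended rather than the total buffer size, so the safe bound is `sizeof(auth_keys_file_buf) - strlen(auth_keys_file_buf) - 1`. The new side also appears to leave the `diff -up ... pam_user_authorized_keys.c` header as the final line of the patch with no hunk after it; that line should be deleted as well.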