the intermediate context is set to sshd_sftpd_t

do not crash in packet.c if no connection
Jan F 2011-04-05 20:54:12 +02:00
parent 7317c8f1cf
commit 8bc65c49b7
3 changed files with 31 additions and 22 deletions


@ -0,0 +1,12 @@
diff -up openssh-5.8p1/packet.c.packet openssh-5.8p1/packet.c
--- openssh-5.8p1/packet.c.packet 2011-04-05 13:29:06.998648899 +0200
+++ openssh-5.8p1/packet.c 2011-04-05 13:30:32.967648596 +0200
@@ -294,6 +294,8 @@ packet_connection_is_on_socket(void)
struct sockaddr_storage from, to;
socklen_t fromlen, tolen;
+ if (!active_state)
+ return 0;
/* filedescriptors in and out are the same, so it's a socket */
if (active_state->connection_in == active_state->connection_out)
return 1;
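Review bot: The added `if (!active_state) return 0;` guard in packet_connection_is_on_socket() makes "no connection state exists" indistinguishable from "the connection is not a socket", and nothing on the new lines says when a NULL state is expected. Callers that use this result to decide whether a peer address can be looked up would then take their non-socket path without any trace, which is worth confirming for audit and logging code. I would add a comment above the check, for example `/* no connection state set up: report "not a socket" rather than dereference NULL */`. Only this function is guarded here; its body continues past the hunk, and any other packet.c functions that dereference active_state are outside the view and may need the same check.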


@ -1,24 +1,14 @@
diff -up openssh-5.8p1/session.c.sftpcontext openssh-5.8p1/session.c
--- openssh-5.8p1/session.c.sftpcontext 2011-04-01 11:22:26.988648474 +0200
+++ openssh-5.8p1/session.c 2011-04-01 11:31:49.127665411 +0200
@@ -831,6 +831,10 @@ do_exec(Session *s, const char *command)
if (s->command != NULL)
s->command_handle = PRIVSEP(audit_run_command(s->command));
#endif
+#ifdef WITH_SELINUX
+debug(">>> %d:%d %s ~ %d", getuid(), geteuid(), s->command, IS_INTERNAL_SFTP(s->command));
+// ssh_selinux_change_context("sftpd_t");
+#endif
if (s->ttyfd != -1)
ret = do_exec_pty(s, command);
else
@@ -1780,9 +1784,6 @@ do_child(Session *s, const char *command
argv[i] = NULL;
optind = optreset = 1;
__progname = argv[0];
-#ifdef WITH_SELINUX
- ssh_selinux_change_context("sftpd_t");
-#endif
exit(sftp_server_main(i, argv, s->pw));
--- openssh-5.8p1/session.c.sftpcontext 2011-04-05 19:46:53.674654050 +0200
+++ openssh-5.8p1/session.c 2011-04-05 19:48:32.942658237 +0200
@@ -1520,6 +1520,10 @@ do_setusercontext(struct passwd *pw)
free(chroot_path);
}
+#ifdef WITH_SELINUX
+ ssh_selinux_change_context("sshd_sftpd_t");
+#endif
+
#ifdef HAVE_LOGIN_CAP
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
perror("unable to set user context (setuser)");
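Review bot: The `ssh_selinux_change_context("sshd_sftpd_t");` call added to do_setusercontext() is not tied to any visible check of the session type, and its outcome is not examined on these lines. From the hunk it sits after the chroot block and before the setusercontext() call, so the ordering is security-relevant and deserves a comment such as `/* SELinux domain switch: after chroot, must run before the uid change below */`. Whether a failed transition is fatal is decided inside ssh_selinux_change_context(), which is not shown. If it only logs, the session would continue in the previous domain, so the behaviour in enforcing mode is worth confirming. do_setusercontext() starts and ends outside the hunk.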


@ -110,6 +110,8 @@ Patch3: openssh-5.8p1-audit3.patch
Patch4: openssh-5.8p1-audit4.patch
Patch5: openssh-5.8p1-audit5.patch
#?
Patch6: openssh-5.8p1-packet.patch
#?
Patch7: openssh-5.8p1-entropy.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX)
Patch9: openssh-5.8p1-vendor.patch
@ -325,6 +327,7 @@ The module is most useful for su and sudo service stacks.
%patch3 -p1 -b .audit3
%patch4 -p1 -b .audit4
%patch5 -p1 -b .audit5
%patch6 -p1 -b .packet
%patch7 -p1 -b .entropy
%patch9 -p1 -b .vendor
%if %{pam_ssh_agent}
@ -658,6 +661,10 @@ fi
%endif
%changelog
* Tue Apr 5 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-24 + 0.9.2-30
- the intermediate context is set to sshd_sftpd_t
- do not crash in packet.c if no connection
* Thu Mar 31 2011 Jan F. Chadima <jchadima@redhat.com> - 5.8p1-24 + 0.9.2-30
- resolve warnings in port_linux.c