- properly restore euid in case connect to the ssh-agent socket fails

openssh.spec

@@ -73,7 +73,7 @@
 %define openssh_ver 5.6p1
 %define openssh_rel 19
 %define pam_ssh_agent_ver 0.9.2
-%define pam_ssh_agent_rel 28
+%define pam_ssh_agent_rel 29
 
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
@@ -591,9 +591,11 @@ fi
 %endif
 
 %changelog
+* Wed Nov 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-19 + 0.9.2-29
+- properly restore euid in case connect to the ssh-agent socket fails
+
 * Mon Nov 22 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-19 + 0.9.2-28
 - striped read permissions from suid and sgid binaries
-- properly restore euid in case connect to the ssh-agent socket fails
 
 * Mon Nov 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-18 + 0.9.2-27
 - used upstream version of the biguid patch

pam_ssh_agent_auth-0.9.2-seteuid.patch

@@ -1,26 +1,27 @@
-diff -up pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c
+diff -up pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c
---- pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid	2010-09-08 08:54:29.000000000 +0200
+--- pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid	2010-09-08 08:54:29.000000000 +0200
-+++ pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c	2010-11-22 08:38:05.000000000 +0100
++++ pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c	2010-11-22 08:38:05.000000000 +0100
-@@ -131,13 +131,17 @@ ssh_get_authentication_socket_for_uid(ui
+@@ -131,13 +131,18 @@ ssh_get_authentication_socket_for_uid(ui
- 	}
+ 	}
- 
+ 
- 	errno = 0; 
+ 	errno = 0; 
--	seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
+-	seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
--	             above, we will temporarily drop UID to the caller */
+-	             above, we will temporarily drop UID to the caller */
-+	/* To ensure a race condition is not used to circumvent the stat
++	/* To ensure a race condition is not used to circumvent the stat
-+	   above, we will temporarily drop UID to the caller */
++	   above, we will temporarily drop UID to the caller */
-+	if (seteuid(uid) == -1) {
++	if (seteuid(uid) == -1) {
-+		error("seteuid(%lu) failed", (unsigned long) uid);
++		close(sock);
-+		return -1;
++		error("seteuid(%lu) failed", (unsigned long) uid);
-+	}
++		return -1;
- 	if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
++	}
- 		close(sock);
+ 	if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
--        if(errno == EACCES)
+ 		close(sock);
--		fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
+-        if(errno == EACCES)
--		return -1;
+-		fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
-+		sock = -1;
+-		return -1;
-+		if(errno == EACCES)
++		sock = -1;
-+			fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
++		if(errno == EACCES)
- 	}
++			fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
- 
+ 	}
- 	seteuid(0); /* we now continue the regularly scheduled programming */
+ 
+ 	seteuid(0); /* we now continue the regularly scheduled programming */