rpms/openssh/devel openssh-5.2p1-homechroot.patch, 1.5, 1.6 openssh.spec, 1.163, 1.164

Jan F. Chadima jfch2222 at fedoraproject.org
Mon Sep 7 10:20:22 UTC 2009


Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9120

Modified Files:
	openssh-5.2p1-homechroot.patch openssh.spec 
Log Message:
Add check for nosuid, nodev in homechroot


openssh-5.2p1-homechroot.patch:
 chrootenv.h        |   32 ++++++++++++++++++++++
 session.c          |   77 +++++++++++++++++++++++++++++++++++++++++++++++++++--
 sftp-common.c      |    5 ++-
 sftp-server-main.c |    3 ++
 sftp.c             |    2 +
 sshd_config.0      |    8 +++++
 sshd_config.5      |   11 +++++++
 7 files changed, 134 insertions(+), 4 deletions(-)

Index: openssh-5.2p1-homechroot.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-5.2p1-homechroot.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- openssh-5.2p1-homechroot.patch	24 Jul 2009 06:15:35 -0000	1.5
+++ openssh-5.2p1-homechroot.patch	7 Sep 2009 10:20:22 -0000	1.6
@@ -1,6 +1,6 @@
 diff -up /dev/null openssh-5.2p1/chrootenv.h
---- /dev/null	2009-07-23 14:57:23.604046842 +0200
-+++ openssh-5.2p1/chrootenv.h	2009-07-24 07:11:29.000000000 +0200
+--- /dev/null	2009-08-19 20:21:50.796466837 +0200
++++ openssh-5.2p1/chrootenv.h	2009-08-19 23:22:15.000000000 +0200
 @@ -0,0 +1,32 @@
 +/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */
 +
@@ -35,8 +35,8 @@ diff -up /dev/null openssh-5.2p1/chroote
 +#endif
 +
 diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
---- openssh-5.2p1/session.c.homechroot	2009-07-24 07:11:22.000000000 +0200
-+++ openssh-5.2p1/session.c	2009-07-24 07:33:14.000000000 +0200
+--- openssh-5.2p1/session.c.homechroot	2009-08-19 23:22:14.000000000 +0200
++++ openssh-5.2p1/session.c	2009-08-19 23:22:15.000000000 +0200
 @@ -119,6 +119,8 @@ void	do_child(Session *, const char *);
  void	do_motd(void);
  int	check_quietlogin(Session *, const char *);
@@ -58,7 +58,69 @@ diff -up openssh-5.2p1/session.c.homechr
  #ifdef SSH_AUDIT_EVENTS
  	if (command != NULL)
  		PRIVSEP(audit_run_command(command));
-@@ -1408,6 +1415,7 @@ safely_chroot(const char *path, uid_t ui
+@@ -1399,6 +1406,61 @@ do_nologin(struct passwd *pw)
+ }
+ 
+ /*
++ * Test if filesystem is mounted nosuid and nodev
++ */
++
++static void
++test_nosuid (dev_t fs)
++{
++	FILE *f;
++	struct stat st;
++	char buf[4096], *s, *on, *mountpoint, *opt;
++	int nodev, nosuid;
++
++	if (!(f = popen ("/bin/mount", "r")))
++		fatal ("%s: popen(\"/bin/mount\", \"r\"): %s",
++		    __func__, strerror (errno));
++	for (;;) {
++		s = fgets (buf, sizeof (buf), f);
++		if (ferror (f))
++			fatal ("%s: read from popen: %s", __func__,
++			    strerror (errno));
++		if (!s) {
++			pclose (f);
++			fatal ("cannot found filesystem with the chroot directory");
++		}
++		(void) strtok (buf, " ");
++		on = strtok (NULL, " ");
++		if (strcmp (on, "on")) {
++			pclose (f);
++			fatal ("bad format of mount output");
++		}
++		mountpoint = strtok (NULL, " ");
++		if (stat(mountpoint, &st) != 0) {
++			pclose (f);
++			fatal("%s: stat(\"%s\"): %s", __func__,
++			    mountpoint, strerror(errno));
++		}
++		if (fs != st.st_dev)
++			continue;
++		nodev = nosuid = 0;
++		for (opt = strtok (NULL, "("); opt; opt = strtok (NULL, " ,)")) {
++			if (!strcmp (opt, "nodev"))
++				nodev = 1;
++			else if (!strcmp (opt, "nosuid"))
++				nosuid = 1;
++			else if (!strcmp (opt, "noexec"))
++				nosuid = 1;
++			if (nodev && nosuid) {
++				pclose (f);
++				return;
++			}
++		}
++		fatal ("chroot into directory without nodev or nosuid");
++	}	
++}
++
++/*
+  * Chroot into a directory after checking it for safety: all path components
+  * must be root-owned directories with strict permissions.
+  */
+@@ -1408,6 +1470,7 @@ safely_chroot(const char *path, uid_t ui
  	const char *cp;
  	char component[MAXPATHLEN];
  	struct stat st;
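Review bot: test_nosuid() decides the mount options by parsing `/bin/mount` output with strtok() and taking the first line whose mount point has the same st_dev, which is fragile for a check that gates a relaxed chroot. A line without the expected fields leaves `on` or `mountpoint` NULL before strcmp()/stat(), a mount point containing a space is mis-split, and a stat() failure on any mount point listed before the match aborts the login. A bind mount of the same device with different options can also be matched instead of the mount that actually holds the chroot directory. Querying the path itself with statvfs() avoids all of these; it means passing the path instead of `st.st_dev` at the call site in safely_chroot (a later hunk) and including <sys/statvfs.h>. ST_NODEV and ST_NOEXEC are GNU extensions, so confirm the build defines _GNU_SOURCE.

```c
static void
test_nosuid (const char *path)
{
	struct statvfs vfs;

	if (statvfs (path, &vfs) != 0)
		fatal ("%s: statvfs(\"%s\"): %s", __func__,
		    path, strerror (errno));
	/* require nodev plus either nosuid or noexec, as sshd_config.5 documents */
	if (!(vfs.f_flag & ST_NODEV) ||
	    !(vfs.f_flag & (ST_NOSUID | ST_NOEXEC)))
		fatal ("chroot into directory without nodev or nosuid");
}
```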
@@ -66,7 +128,7 @@ diff -up openssh-5.2p1/session.c.homechr
  
  	if (*path != '/')
  		fatal("chroot path does not begin at root");
-@@ -1419,7 +1427,7 @@ safely_chroot(const char *path, uid_t ui
+@@ -1419,7 +1482,7 @@ safely_chroot(const char *path, uid_t ui
  	 * root-owned directory with strict permissions.
  	 */
  	for (cp = path; cp != NULL;) {
@@ -75,7 +137,7 @@ diff -up openssh-5.2p1/session.c.homechr
  			strlcpy(component, path, sizeof(component));
  		else {
  			cp++;
-@@ -1432,15 +1440,19 @@ safely_chroot(const char *path, uid_t ui
+@@ -1432,14 +1495,20 @@ safely_chroot(const char *path, uid_t ui
  		if (stat(component, &st) != 0)
  			fatal("%s: stat(\"%s\"): %s", __func__,
  			    component, strerror(errno));
@@ -87,30 +149,30 @@ diff -up openssh-5.2p1/session.c.homechr
  		if (!S_ISDIR(st.st_mode))
  			fatal("chroot path %s\"%s\" is not a directory",
  			    cp == NULL ? "" : "component ", component);
--
- 	}
++	}
 +	setenv ("TZ", "/etc/localtime", 0);
 +	tzset ();
-+
-+	if (st.st_uid != uid)
+ 
++	if (st.st_uid) {
++		test_nosuid (st.st_dev);
 +		++chroot_no_tree;
+ 	}
  
  	if (chdir(path) == -1)
- 		fatal("Unable to chdir to chroot path \"%s\": "
-@@ -1451,6 +1463,10 @@ safely_chroot(const char *path, uid_t ui
+@@ -1451,6 +1520,10 @@ safely_chroot(const char *path, uid_t ui
  	if (chdir("/") == -1)
  		fatal("%s: chdir(/) after chroot: %s",
  		    __func__, strerror(errno));
 +
 +	if (access ("/etc/localtime", R_OK) < 0)
-+			++chroot_no_tree;
++		++chroot_no_tree;
 +
  	verbose("Changed root directory to \"%s\"", path);
  }
  
 diff -up openssh-5.2p1/sftp.c.homechroot openssh-5.2p1/sftp.c
 --- openssh-5.2p1/sftp.c.homechroot	2009-02-14 06:26:19.000000000 +0100
-+++ openssh-5.2p1/sftp.c	2009-07-24 07:11:29.000000000 +0200
++++ openssh-5.2p1/sftp.c	2009-08-19 23:22:15.000000000 +0200
 @@ -94,6 +94,8 @@ int remote_glob(struct sftp_conn *, cons
  
  extern char *__progname;
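Review bot: The new `if (st.st_uid)` block in safely_chroot takes the relaxed path for a final directory owned by any non-root user, while the old condition compared against `uid` and the added sshd_config text says the owner should be the user. The loop's ownership check lies partly outside this hunk, so this may already be enforced there. If it is not, a guard before the test_nosuid() call such as `if (st.st_uid != uid) fatal("chroot directory \"%s\" is not owned by the user", path);` would keep the code in line with the documentation. A short comment on the block would also help, for example `/* user-owned chroot: require nodev and nosuid/noexec, and mark that no tree is expected inside */`, because the meaning of `chroot_no_tree` is not evident from this function.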
@@ -122,7 +184,7 @@ diff -up openssh-5.2p1/sftp.c.homechroot
  
 diff -up openssh-5.2p1/sftp-common.c.homechroot openssh-5.2p1/sftp-common.c
 --- openssh-5.2p1/sftp-common.c.homechroot	2006-08-05 04:39:40.000000000 +0200
-+++ openssh-5.2p1/sftp-common.c	2009-07-24 07:11:29.000000000 +0200
++++ openssh-5.2p1/sftp-common.c	2009-08-19 23:22:15.000000000 +0200
 @@ -40,6 +40,7 @@
  #include "xmalloc.h"
  #include "buffer.h"
@@ -149,7 +211,7 @@ diff -up openssh-5.2p1/sftp-common.c.hom
  		snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
 diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-main.c
 --- openssh-5.2p1/sftp-server-main.c.homechroot	2009-02-21 22:47:02.000000000 +0100
-+++ openssh-5.2p1/sftp-server-main.c	2009-07-24 07:11:29.000000000 +0200
++++ openssh-5.2p1/sftp-server-main.c	2009-08-19 23:22:15.000000000 +0200
 @@ -22,11 +22,14 @@
  #include <stdarg.h>
  #include <stdio.h>
@@ -165,3 +227,42 @@ diff -up openssh-5.2p1/sftp-server-main.
  void
  cleanup_exit(int i)
  {
+diff -up openssh-5.2p1/sshd_config.0.homechroot openssh-5.2p1/sshd_config.0
+--- openssh-5.2p1/sshd_config.0.homechroot	2009-08-19 23:22:14.000000000 +0200
++++ openssh-5.2p1/sshd_config.0	2009-08-19 23:31:26.000000000 +0200
+@@ -112,6 +112,14 @@ DESCRIPTION
+              essary if the in-process sftp server is used (see Subsystem for
+              details).
+ 
++             In the special case when only sftp is used, not ssh nor scp, it
++             is possible to use ChrootDirectory %h or ChrootDirectory
++             /some/path/%u. The file system containing this directory must be
++             mounted with options nodev and either nosuid or noexec. The owner
++             of the directory should be the user. The ownership of the other
++             components of the path must fulfill the usual conditions. No adi-
++             tional files are required to be present in the directory.
++
+              The default is not to chroot(2).
+ 
+      Ciphers
+diff -up openssh-5.2p1/sshd_config.5.homechroot openssh-5.2p1/sshd_config.5
+--- openssh-5.2p1/sshd_config.5.homechroot	2009-08-19 23:22:14.000000000 +0200
++++ openssh-5.2p1/sshd_config.5	2009-08-19 23:22:15.000000000 +0200
+@@ -219,6 +219,17 @@ in-process sftp server is used (see
+ .Cm Subsystem
+ for details).
+ .Pp
++In the special case when only sftp is used, not ssh nor scp,
++it is possible to use
++.Cm ChrootDirectory
++%h or
++.Cm ChrootDirectory
++/some/path/%u. The file system containing this directory must be
++mounted with options nodev and either nosuid or noexec. The owner of the 
++directory should be the user. The ownership of the other components of the path
++must fulfill the usual conditions. No aditional files are required to be present
++in the directory.
++.Pp
+ The default is not to
+ .Xr chroot 2 .
+ .It Cm Ciphers


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.163
retrieving revision 1.164
diff -u -p -r1.163 -r1.164
--- openssh.spec	1 Sep 2009 18:51:41 -0000	1.163
+++ openssh.spec	7 Sep 2009 10:20:22 -0000	1.164
@@ -63,7 +63,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.2p1
-Release: 23%{?dist}%{?rescue_rel}
+Release: 24%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -468,6 +468,9 @@ fi
 %endif
 
 %changelog
+* Mon Sep  7 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-24
+- Add check for nosuid, nodev in homechroot
+
 * Tue Sep  1 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-23
 - add correct patch for ip-opts
 



