Blame SOURCES/openssh-8.7p1-upstream-cve-2021-41617.patch
|
|
5dbb6f |
diff --git a/misc.c b/misc.c
|
|
|
5dbb6f |
index b8d1040d..0134d694 100644
|
|
|
5dbb6f |
--- a/misc.c
|
|
|
5dbb6f |
+++ b/misc.c
|
|
|
5dbb6f |
@@ -56,6 +56,7 @@
|
|
|
5dbb6f |
#ifdef HAVE_PATHS_H
|
|
|
5dbb6f |
# include <paths.h>
|
|
|
5dbb6f |
#include <pwd.h>
|
|
|
5dbb6f |
+#include <grp.h>
|
|
|
5dbb6f |
#endif
|
|
|
5dbb6f |
#ifdef SSH_TUN_OPENBSD
|
|
|
5dbb6f |
#include <net/if.h>
|
|
|
5dbb6f |
@@ -2695,6 +2696,12 @@ subprocess(const char *tag, const char *command,
|
|
|
5dbb6f |
}
|
|
|
5dbb6f |
closefrom(STDERR_FILENO + 1);
|
|
|
5dbb6f |
|
|
|
5dbb6f |
+ if (geteuid() == 0 &&
|
|
|
5dbb6f |
+ initgroups(pw->pw_name, pw->pw_gid) == -1) {
|
|
|
5dbb6f |
+ error("%s: initgroups(%s, %u): %s", tag,
|
|
|
5dbb6f |
+ pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
|
|
|
5dbb6f |
+ _exit(1);
|
|
|
5dbb6f |
+ }
|
|
|
5dbb6f |
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
|
|
|
5dbb6f |
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
|
|
|
5dbb6f |
strerror(errno));
|