Blame SOURCES/openssh-8.7p1-upstream-cve-2021-41617.patch
|
|
d60c81 |
diff --git a/auth.c b/auth.c
|
|
|
d60c81 |
index b8d1040d..0134d694 100644
|
|
|
d60c81 |
--- a/auth.c
|
|
|
d60c81 |
+++ b/auth.c
|
|
|
d60c81 |
@@ -56,6 +56,7 @@
|
|
|
d60c81 |
# include <paths.h>
|
|
|
d60c81 |
#endif
|
|
|
d60c81 |
#include <pwd.h>
|
|
|
d60c81 |
+#include <grp.h>
|
|
|
d60c81 |
#ifdef HAVE_LOGIN_H
|
|
|
d60c81 |
#include <login.h>
|
|
|
d60c81 |
#endif
|
|
|
d60c81 |
@@ -2695,6 +2696,12 @@ subprocess(const char *tag, const char *command,
|
|
|
d60c81 |
}
|
|
|
d60c81 |
closefrom(STDERR_FILENO + 1);
|
|
|
d60c81 |
|
|
|
d60c81 |
+ if (geteuid() == 0 &&
|
|
|
d60c81 |
+ initgroups(pw->pw_name, pw->pw_gid) == -1) {
|
|
|
d60c81 |
+ error("%s: initgroups(%s, %u): %s", tag,
|
|
|
d60c81 |
+ pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
|
|
|
d60c81 |
+ _exit(1);
|
|
|
d60c81 |
+ }
|
|
|
d60c81 |
/* Don't use permanently_set_uid() here to avoid fatal() */
|
|
|
d60c81 |
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
|
|
|
d60c81 |
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
|