|
|
aedd00 |
diff -up openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-seteuid openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c
|
|
|
aedd00 |
--- openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c.psaa-seteuid 2017-02-07 15:41:53.172334151 +0100
|
|
|
aedd00 |
+++ openssh-7.4p1/pam_ssh_agent_auth-0.10.3/iterate_ssh_agent_keys.c 2017-02-07 15:41:53.174334149 +0100
|
|
|
aedd00 |
@@ -238,17 +238,26 @@ ssh_get_authentication_socket_for_uid(ui
|
|
|
aedd00 |
}
|
|
|
aedd00 |
|
|
|
aedd00 |
errno = 0;
|
|
|
aedd00 |
- seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
|
|
|
aedd00 |
- above, we will temporarily drop UID to the caller */
|
|
|
aedd00 |
- if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
|
|
|
aedd00 |
+ /* To ensure a race condition is not used to circumvent the stat
|
|
|
aedd00 |
+ above, we will temporarily drop UID to the caller */
|
|
|
aedd00 |
+ if (seteuid(uid) == -1) {
|
|
|
aedd00 |
close(sock);
|
|
|
aedd00 |
- if(errno == EACCES)
|
|
|
aedd00 |
- fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
|
|
|
aedd00 |
+ error("seteuid(%lu) failed with error: %s",
|
|
|
aedd00 |
+ (unsigned long) uid, strerror(errno));
|
|
|
aedd00 |
return -1;
|
|
|
aedd00 |
}
|
|
|
aedd00 |
+ if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
|
|
|
aedd00 |
+ close(sock);
|
|
|
aedd00 |
+ sock = -1;
|
|
|
aedd00 |
+ if(errno == EACCES)
|
|
|
aedd00 |
+ fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
|
|
|
aedd00 |
+ }
|
|
|
aedd00 |
|
|
|
aedd00 |
- seteuid(0); /* we now continue the regularly scheduled programming */
|
|
|
aedd00 |
-
|
|
|
aedd00 |
+ /* we now continue the regularly scheduled programming */
|
|
|
aedd00 |
+ if (0 != seteuid(0)) {
|
|
|
aedd00 |
+ fatal("setuid(0) failed with error: %s", strerror(errno));
|
|
|
aedd00 |
+ return -1;
|
|
|
aedd00 |
+ }
|
|
|
aedd00 |
return sock;
|
|
|
aedd00 |
}
|
|
|
aedd00 |
|