[openssh] fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent

Tomáš Mráz tmraz at fedoraproject.org
Fri Jun 22 12:52:37 UTC 2012


commit 4f4687ce8045418f678c323bb22c837f35d7b9fa
Author: Tomas Mraz <tmraz at fedoraproject.org>
Date:   Fri Jun 22 14:52:35 2012 +0200

    fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
    
    is not running, most probably not exploitable
    update pam_ssh_agent_auth to 0.9.3 upstream version

 .gitignore                                         |    1 +
 openssh.spec                                       |   22 ++++++++++---
 pam_ssh_agent_auth-0.9.2-visibility.patch          |   21 ++++++++++++
 ...d.patch => pam_ssh_agent_auth-0.9.3-build.patch |   33 ++++++-------------
 sources                                            |    2 +-
 5 files changed, 51 insertions(+), 28 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 2cf244c..57ab32a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -5,3 +5,4 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
 /openssh-5.8p1-noacss.tar.bz2
 /openssh-5.8p2-noacss.tar.bz2
 /openssh-5.9p1-noacss.tar.bz2
+/pam_ssh_agent_auth-0.9.3.tar.bz2
diff --git a/openssh.spec b/openssh.spec
index 1d97131..95f9f99 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -75,9 +75,9 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.9p1
-%define openssh_rel 22
-%define pam_ssh_agent_ver 0.9.2
-%define pam_ssh_agent_rel 32
+%define openssh_rel 23
+%define pam_ssh_agent_ver 0.9.3
+%define pam_ssh_agent_rel 1
 
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
@@ -134,8 +134,12 @@ Patch204: openssh-5.9p1-audit4.patch
 Patch205: openssh-5.9p1-audit5.patch
 
 # --- pam_ssh-agent ---
-Patch300: pam_ssh_agent_auth-0.9-build.patch
+# make it build reusing the openssh sources
+Patch300: pam_ssh_agent_auth-0.9.3-build.patch
+# check return value of seteuid()
 Patch301: pam_ssh_agent_auth-0.9.2-seteuid.patch
+# explicitly make pam callbacks visible
+Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch
 
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
 Patch400: openssh-5.9p1-role.patch
@@ -410,6 +414,7 @@ The module is most useful for su and sudo service stacks.
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 %patch300 -p1 -b .psaa-build
 %patch301 -p1 -b .psaa-seteuid
+%patch302 -p1 -b .psaa-visibility
 # Remove duplicate headers
 rm -f $(cat %{SOURCE5})
 popd
@@ -471,7 +476,9 @@ autoreconf
 popd
 
 %build
-CFLAGS="$RPM_OPT_FLAGS"; export CFLAGS
+# the -fvisibility=hidden is needed for clean build of the pam_ssh_agent_auth
+# and it makes the ssh build more clean and even optimized better
+CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"; export CFLAGS
 %if %{rescue}
 CFLAGS="$CFLAGS -Os"
 %endif
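Review bot: The two-line comment above the new CFLAGS assignment explains that the flag is needed "for clean build of the pam_ssh_agent_auth" but not why it has to be global rather than scoped to the module's own build: Patch300 (L54, "make it build reusing the openssh sources") links the openssh object files into the PAM module, so unless those objects are also compiled hidden, the module re-exports OpenSSH internals into every su/sudo process that loads it and only the pam_sm_* entry points restored by Patch302 should be visible. Presumably that coupling is what "clean" alludes to; I would state it so nobody later moves the flag back into the pam_ssh_agent_auth pushd section: `# -fvisibility=hidden must also apply to the openssh objects: pam_ssh_agent_auth (Patch300) links them, and only the pam_sm_* entry points exported by Patch302 should leave the module`. The rest of %build, including any later CFLAGS changes, is outside this hunk.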
@@ -796,6 +803,11 @@ fi
 %endif
 
 %changelog
+* Fri Jun 22 2012 Tomas Mraz <tmraz at redhat.com> 5.9p1-23 + 0.9.3-1
+- fix segfault in su when pam_ssh_agent_auth is used and the ssh-agent
+  is not running, most probably not exploitable
+- update pam_ssh_agent_auth to 0.9.3 upstream version
+
 * Fri Apr 06 2012 Petr Lautrbach <plautrba at redhat.com> 5.9p1-22 + 0.9.2-32
 - don't create RSA1 key in FIPS mode
 - don't install sshd-keygen.service (#810419)
diff --git a/pam_ssh_agent_auth-0.9.2-visibility.patch b/pam_ssh_agent_auth-0.9.2-visibility.patch
new file mode 100644
index 0000000..f229144
--- /dev/null
+++ b/pam_ssh_agent_auth-0.9.2-visibility.patch
@@ -0,0 +1,21 @@
+diff -up pam_ssh_agent_auth-0.9.2/pam_ssh_agent_auth.c.visibility pam_ssh_agent_auth-0.9.2/pam_ssh_agent_auth.c
+--- pam_ssh_agent_auth-0.9.2/pam_ssh_agent_auth.c.visibility	2009-12-21 20:57:34.000000000 +0100
++++ pam_ssh_agent_auth-0.9.2/pam_ssh_agent_auth.c	2012-06-21 20:01:31.356259429 +0200
+@@ -68,7 +68,7 @@ char           *__progname;
+ extern char    *__progname;
+ #endif
+ 
+-PAM_EXTERN int
++PAM_EXTERN int __attribute__ ((visibility ("default")))
+ pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
+ {
+     char          **argv_ptr;
+@@ -184,7 +184,7 @@ pam_sm_authenticate(pam_handle_t * pamh,
+ }
+ 
+ 
+-PAM_EXTERN int
++PAM_EXTERN int __attribute__ ((visibility ("default")))
+ pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
+ {
+     return PAM_SUCCESS;
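Review bot: Spelling out a raw GCC `__attribute__ ((visibility ("default")))` after `PAM_EXTERN` on both `pam_sm_authenticate` and `pam_sm_setcred` repeats the attribute at every entry point and leaves nothing for a non-GCC compiler to fall back on; a small guarded macro next to the `__progname` declaration keeps the intent in one place. Separately, now that the spec builds everything with -fvisibility=hidden, any other pam_sm_* callback the 0.9.3 tree might define outside these two hunks would be hidden and fail libpam's dlsym lookup at runtime, so a grep for `pam_sm_` over the tarball is worth doing before merging. Both function bodies continue beyond the hunk lines shown.
```c
#if defined(__GNUC__) && __GNUC__ >= 4
#define PAM_VISIBLE __attribute__((visibility("default")))
#else
#define PAM_VISIBLE
#endif

PAM_EXTERN int PAM_VISIBLE
pam_sm_authenticate(pam_handle_t * pamh, int flags, int argc, const char **argv)
/* … unchanged: authentication body … */

PAM_EXTERN int PAM_VISIBLE
pam_sm_setcred(pam_handle_t * pamh, int flags, int argc, const char **argv)
/* … unchanged: return PAM_SUCCESS … */
```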
diff --git a/pam_ssh_agent_auth-0.9-build.patch b/pam_ssh_agent_auth-0.9.3-build.patch
similarity index 78%
rename from pam_ssh_agent_auth-0.9-build.patch
rename to pam_ssh_agent_auth-0.9.3-build.patch
index ddacff6..40ab19d 100644
--- a/pam_ssh_agent_auth-0.9-build.patch
+++ b/pam_ssh_agent_auth-0.9.3-build.patch
@@ -1,7 +1,7 @@
-diff -up pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c
---- pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build	2009-08-08 11:51:04.000000000 +0200
-+++ pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c	2009-10-16 15:20:55.000000000 +0200
-@@ -41,7 +41,16 @@
+diff -up pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c
+--- pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c.psaa-build	2010-01-13 03:17:01.000000000 +0100
++++ pam_ssh_agent_auth-0.9.3/iterate_ssh_agent_keys.c	2012-06-21 20:14:56.432527764 +0200
+@@ -37,7 +37,16 @@
  #include "buffer.h"
  #include "key.h"
  #include "authfd.h"
@@ -18,7 +18,7 @@ diff -up pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agen
  #include <openssl/evp.h>
  
  #include "userauth_pubkey_from_id.h"
-@@ -73,6 +82,96 @@ session_id2_gen()
+@@ -69,6 +78,96 @@ session_id2_gen()
      return cookie;
  }
  
@@ -115,7 +115,7 @@ diff -up pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agen
  int
  find_authorized_keys(uid_t uid)
  {
-@@ -85,7 +184,7 @@ find_authorized_keys(uid_t uid)
+@@ -81,7 +180,7 @@ find_authorized_keys(uid_t uid)
      OpenSSL_add_all_digests();
      session_id2 = session_id2_gen();
  
@@ -124,14 +124,14 @@ diff -up pam_ssh_agent_auth-0.9/iterate_ssh_agent_keys.c.psaa-build pam_ssh_agen
          verbose("Contacted ssh-agent of user %s (%u)", getpwuid(uid)->pw_name, uid);
          for (key = ssh_get_first_identity(ac, &comment, 2); key != NULL; key = ssh_get_next_identity(ac, &comment, 2)) 
          {
-@@ -113,3 +212,4 @@ find_authorized_keys(uid_t uid)
+@@ -109,3 +208,4 @@ find_authorized_keys(uid_t uid)
      EVP_cleanup();
      return retval;
  }
 +
-diff -up pam_ssh_agent_auth-0.9/Makefile.in.psaa-build pam_ssh_agent_auth-0.9/Makefile.in
---- pam_ssh_agent_auth-0.9/Makefile.in.psaa-build	2009-08-06 07:40:16.000000000 +0200
-+++ pam_ssh_agent_auth-0.9/Makefile.in	2009-10-16 15:20:55.000000000 +0200
+diff -up pam_ssh_agent_auth-0.9.3/Makefile.in.psaa-build pam_ssh_agent_auth-0.9.3/Makefile.in
+--- pam_ssh_agent_auth-0.9.3/Makefile.in.psaa-build	2009-10-27 21:19:41.000000000 +0100
++++ pam_ssh_agent_auth-0.9.3/Makefile.in	2012-06-21 20:14:56.432527764 +0200
 @@ -28,7 +28,7 @@ PATHS=
  CC=@CC@
  LD=@LD@
@@ -176,15 +176,4 @@ diff -up pam_ssh_agent_auth-0.9/Makefile.in.psaa-build pam_ssh_agent_auth-0.9/Ma
  
  $(MANPAGES): $(MANPAGES_IN)
  	pod2man --section=8 --release=v0.8 --name=pam_ssh_agent_auth --official --center "PAM" pam_ssh_agent_auth.pod > pam_ssh_agent_auth.8
-diff -up pam_ssh_agent_auth-0.9/pam_user_authorized_keys.c.psaa-build pam_ssh_agent_auth-0.9/pam_user_authorized_keys.c
---- pam_ssh_agent_auth-0.9/pam_user_authorized_keys.c.psaa-build	2009-07-29 02:46:38.000000000 +0200
-+++ pam_ssh_agent_auth-0.9/pam_user_authorized_keys.c	2009-10-16 15:50:36.000000000 +0200
-@@ -94,7 +94,7 @@ parse_authorized_key_file(const char *us
-     /*
-      * temporary copy, so that both tilde expansion and percent expansion both get to apply to the path
-      */
--    strncat(auth_keys_file_buf, authorized_keys_file_input, 4096);
-+    strncat(auth_keys_file_buf, authorized_keys_file_input, sizeof(auth_keys_file_buf)-1);
- 
-     if(allow_user_owned_authorized_keys_file)
-         authorized_keys_file_allowed_owner_uid = getpwnam(user)->pw_uid;
+diff -up pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c.psaa-build pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c
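Review bot: The rebased patch now ends with a bare `diff -up pam_ssh_agent_auth-0.9.3/pam_user_authorized_keys.c.psaa-build ...` header on its last line with no `---`/`+++` lines and no hunk, so patch(1) has nothing to apply there and will at best skip it as trailing garbage; that line should be dropped. The hunk it replaces changed `strncat(auth_keys_file_buf, authorized_keys_file_input, 4096)` to `strncat(auth_keys_file_buf, authorized_keys_file_input, sizeof(auth_keys_file_buf)-1)`, and this commit removes that downstream fix without saying why. If auth_keys_file_buf is 4096 bytes, a limit of 4096 lets strncat place the terminator one byte past the end, so before the fix is dropped it should be confirmed that the 0.9.3 tarball bounds that call equivalently, and the changelog should say so. parse_authorized_key_file itself is not visible in this hunk.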
diff --git a/sources b/sources
index 3245ab1..96ec085 100644
--- a/sources
+++ b/sources
@@ -1,2 +1,2 @@
 085cfbb262f1b8b875aadea6fba60b1b  openssh-5.9p1-noacss.tar.bz2
-b68f1c385d7885fbe2c3626bf77aa3d6  pam_ssh_agent_auth-0.9.2.tar.bz2
+9872ca1983e566ff5a89c240529e223d  pam_ssh_agent_auth-0.9.3.tar.bz2

