diff options
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch | 29 |
1 files changed, 0 insertions, 29 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch deleted file mode 100644 index 30c11cf432..0000000000 --- a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2011-4327.patch +++ /dev/null @@ -1,29 +0,0 @@ -openssh-CVE-2011-4327 - -A security flaw was found in the way ssh-keysign, -a ssh helper program for host based authentication, -attempted to retrieve enough entropy information on configurations that -lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would -be executed to retrieve the entropy from the system environment). -A local attacker could use this flaw to obtain unauthorized access to host keys -via ptrace(2) process trace attached to the 'ssh-rand-helper' program. - -https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327 -http://www.openssh.com/txt/portable-keysign-rand-helper.adv - -Upstream-Status: Pending - -Signed-off-by: Li Wang <li.wang@windriver.com> ---- a/ssh-keysign.c -+++ b/ssh-keysign.c -@@ -170,6 +170,10 @@ - key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY); - key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); -+ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 || -+ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 || -+ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0) -+ fatal("fcntl failed"); - - original_real_uid = getuid(); /* XXX readconf.c needs this */ - if ((pw = getpwuid(original_real_uid)) == NULL) |