1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
From a6414400ec94a17871081f7df24f910a6ee01b8b Mon Sep 17 00:00:00 2001
From: Ali Abdallah <aabdallah@suse.de>
Date: Wed, 24 Nov 2021 13:33:39 +0100
Subject: [PATCH] CVE-2021-41617 fix
backport of the following two upstream commits
f3cbe43e28fe71427d41cfe3a17125b972710455
bf944e3794eff5413f2df1ef37cddf96918c6bde
CVE-2021-41617 failed to correctly initialise supplemental groups
when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand,
where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser
directive has been set to run the command as a different user. Instead
these commands would inherit the groups that sshd(8) was started with.
---
auth.c | 8 ++++++++
1 file changed, 8 insertions(+)
CVE: CVE-2021-41617
Upstream-Status: Backport [https://bugzilla.suse.com/attachment.cgi?id=854015]
Comment: No change in any hunk
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
diff --git a/auth.c b/auth.c
index 163038f..a47b267 100644
--- a/auth.c
+++ b/auth.c
@@ -52,6 +52,7 @@
#include <limits.h>
#include <netdb.h>
#include <time.h>
+#include <grp.h>
#include "xmalloc.h"
#include "match.h"
@@ -851,6 +852,13 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
}
closefrom(STDERR_FILENO + 1);
+ if (geteuid() == 0 &&
+ initgroups(pw->pw_name, pw->pw_gid) == -1) {
+ error("%s: initgroups(%s, %u): %s", tag,
+ pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
+ _exit(1);
+ }
+
/* Don't use permanently_set_uid() here to avoid fatal() */
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
--
2.26.2
|