Bugzilla – Attachment 1179 Details for
Bug 1223
tun/tap capability requires root privileges
[patch]
proof-of-concept TUNSETOWNER patch
openssh-4.3p2-001-tun_uid_02.patch (text/plain), 3.49 KB, created by
Jason
on 2006-08-31 01:28:13 AEST
Description:
proof-of-concept TUNSETOWNER patch
Filename:
MIME Type:
Creator:
Jason
Created:
2006-08-31 01:28:13 AEST
Size:
3.49 KB
patch
obsolete
>diff -Nurd openssh-4.3p2.orig/misc.c openssh-4.3p2/misc.c
>--- openssh-4.3p2.orig/misc.c 2006-01-31 05:49:28.000000000 -0500
>+++ openssh-4.3p2/misc.c 2006-08-25 09:01:31.000000000 -0400
>@@ -579,12 +579,15 @@
> return -1;
> }
> 
>+#if defined(SSH_TUN_LINUX)
> int
>-tun_open(int tun, int mode)
>+tun_open(int tun, int mode, uid_t uid)
> {
>-#if defined(CUSTOM_SYS_TUN_OPEN)
>- return (sys_tun_open(tun, mode));
>+ return (sys_tun_open(tun, mode, uid));
> #elif defined(SSH_TUN_OPENBSD)
>+int
>+tun_open(int tun, int mode)
>+{
> struct ifreq ifr;
> char name[100];
> int fd = -1, sock;
>diff -Nurd openssh-4.3p2.orig/misc.h openssh-4.3p2/misc.h
>--- openssh-4.3p2.orig/misc.h 2006-01-31 05:49:28.000000000 -0500
>+++ openssh-4.3p2/misc.h 2006-08-25 09:01:57.000000000 -0400
>@@ -55,7 +55,11 @@
> int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
> int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
> 
>-int tun_open(int, int);
>+#if defined(SSH_TUN_LINUX)
>+int tun_open(int, int, uid_t);
>+#else
>+int tun_open(int, int);
>+#endif
> 
> /* Common definitions for ssh tunnel device forwarding */
> #define SSH_TUNMODE_NO 0x00
>diff -Nurd openssh-4.3p2.orig/openbsd-compat/port-tun.c openssh-4.3p2/openbsd-compat/port-tun.c
>--- openssh-4.3p2.orig/openbsd-compat/port-tun.c 2006-01-01 05:15:51.000000000 -0500
>+++ openssh-4.3p2/openbsd-compat/port-tun.c 2006-08-25 09:02:36.000000000 -0400
>@@ -39,7 +39,7 @@
> #include <linux/if_tun.h>
> 
> int
>-sys_tun_open(int tun, int mode)
>+sys_tun_open(int tun, int mode, uid_t uid)
> {
> struct ifreq ifr;
> int fd = -1;
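Review bot: Dropping the `#if defined(CUSTOM_SYS_TUN_OPEN)` dispatch at the top of tun_open() loses the FreeBSD path: the new chain tests only `SSH_TUN_LINUX` and `SSH_TUN_OPENBSD`, while port-tun.h in this same patch still defines `CUSTOM_SYS_TUN_OPEN` and a two-argument `sys_tun_open()` for `SSH_TUN_FREEBSD`. A FreeBSD build presumably falls through to whatever branch follows the OpenBSD code (the rest of tun_open() is outside the hunk), so its tunnel support would be silently disabled rather than failing to compile. The smallest repair keeps a generic branch between the two, shown below; a cleaner one would give tun_open() the three-argument signature on every platform and ignore `uid` where the kernel has no owner concept, which would also remove the `#ifdef` pairs this patch adds to serverloop.c and ssh.c.
```c
	return (sys_tun_open(tun, mode, uid));
#elif defined(CUSTOM_SYS_TUN_OPEN)
/* FreeBSD: port-tun.c still provides the two-argument sys_tun_open() */
int
tun_open(int tun, int mode)
{
	return (sys_tun_open(tun, mode));
#elif defined(SSH_TUN_OPENBSD)
/* … unchanged: OpenBSD tun_open() body … */
```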
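Review bot: A prototype whose arity changes with `SSH_TUN_LINUX` forces every caller to carry the same `#if defined(SSH_TUN_LINUX)` / `#else` pair, which is exactly what the serverloop.c and ssh.c hunks of this patch do, and a future call site that forgets the pair compiles cleanly on one platform and breaks on the other. Prefer a single declaration, `int tun_open(int, int, uid_t);`, with the non-Linux implementations ignoring the third argument, so the header needs no conditional at all. If the split is kept, the `#if` deserves a comment saying why Linux alone takes a uid, e.g. `/* Linux: uid becomes the tun device owner via TUNSETOWNER */`.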
>@@ -77,6 +77,12 @@
> goto failed;
> }
> 
>+ if (ioctl(fd, TUNSETOWNER, uid) == -1) {
>+ debug("%s: failed to set tunnel owner (uid %d): %s", __func__,
>+ uid, strerror(errno));
>+ goto failed;
>+ }
>+ 
> if (tun == SSH_TUNID_ANY)
> debug("%s: tunnel mode %d fd %d", __func__, mode, fd);
> else
>diff -Nurd openssh-4.3p2.orig/openbsd-compat/port-tun.h openssh-4.3p2/openbsd-compat/port-tun.h
>--- openssh-4.3p2.orig/openbsd-compat/port-tun.h 2006-01-01 03:47:06.000000000 -0500
>+++ openssh-4.3p2/openbsd-compat/port-tun.h 2006-08-25 09:02:59.000000000 -0400
>@@ -19,7 +19,10 @@
> 
> #include "channels.h"
> 
>-#if defined(SSH_TUN_LINUX) || defined(SSH_TUN_FREEBSD)
>+#if defined(SSH_TUN_LINUX)
>+# define CUSTOM_SYS_TUN_OPEN
>+int sys_tun_open(int, int, uid_t);
>+#elif defined(SSH_TUN_FREEBSD)
> # define CUSTOM_SYS_TUN_OPEN
> int sys_tun_open(int, int);
> #endif
>diff -Nurd openssh-4.3p2.orig/serverloop.c openssh-4.3p2/serverloop.c
>--- openssh-4.3p2.orig/serverloop.c 2005-12-31 00:33:37.000000000 -0500
>+++ openssh-4.3p2/serverloop.c 2006-08-25 08:24:58.000000000 -0400
>@@ -941,7 +941,11 @@
> goto done;
> tun = forced_tun_device;
> }
>- sock = tun_open(tun, mode);
>+#if defined(SSH_TUN_LINUX)
>+ sock = tun_open(tun, mode, the_authctxt->pw->pw_uid);
>+#else
>+ sock = tun_open(tun, mode);
>+#endif
> if (sock < 0)
> goto done;
> c = channel_new("tun", SSH_CHANNEL_OPEN, sock, sock, -1,
>diff -Nurd openssh-4.3p2.orig/ssh.c openssh-4.3p2/ssh.c
>--- openssh-4.3p2.orig/ssh.c 2005-12-31 00:33:37.000000000 -0500
>+++ openssh-4.3p2/ssh.c 2006-08-25 08:32:57.000000000 -0400
>@@ -1073,8 +1073,13 @@
> int fd;
> 
> debug("Requesting tun.");
>+#if defined(SSH_TUN_LINUX)
>+ if ((fd = tun_open(options.tun_local,
>+ options.tun_open, original_real_uid)) >= 0) {
>+#else
> if ((fd = tun_open(options.tun_local,
> options.tun_open)) >= 0) {
>+#endif
> c = channel_new("tun", SSH_CHANNEL_OPENING, fd, fd, -1,
> CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT,
> 0, "tun", 1);
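Review bot: `debug("%s: failed to set tunnel owner (uid %d): %s", __func__, uid, strerror(errno))` passes a `uid_t` to `%d`; on Linux `uid_t` is unsigned, so print it as `(u_int)uid` with `%u`, which is how the rest of OpenSSH logs uids. Failing closed with `goto failed` when TUNSETOWNER is refused is the right choice, since handing out an interface without the owner restriction is worse than handing out none. One caveat belongs in a comment above the ioctl: if I read the tun driver correctly, the kernel only consults the owner when a process attaches to an already existing (persistent) interface, and this hunk shows no TUNSETPERSIST, so setting the owner on a device this process has just created constrains nothing by itself — confirm whether the intended workflow is a pre-created persistent device or creation here before this leaves proof-of-concept status.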
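Review bot: `the_authctxt->pw->pw_uid` is dereferenced with no check on `the_authctxt` or `pw`; this runs after authentication, where the rest of sshd presumably treats `pw` as populated, but since the lines just above already reject the request with `goto done`, guarding the same way costs one line before the `#if`: `if (the_authctxt == NULL || the_authctxt->pw == NULL) goto done;`. Binding the device to the authenticated user's uid rather than to sshd's own uid is the right choice, and a one-line comment would make that intent explicit, e.g. `/* tie the tun device to the authenticated user, not to sshd's uid */`. The enclosing function continues outside the hunk.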