Bugzilla – Attachment 2506 Details for Bug 2311: simple attack when control channel muxing is used
[patch] mux socket client side checks
openssh-6.7p1_socket-hardening.diff (text/plain), 1.36 KB, created by Christoph Anton Mitterer on 2014-11-15 14:15:36 AEDT
>From d08ff5729992bf628932565f4ca45867f04be6f8 Mon Sep 17 00:00:00 2001 >From: mancha <mancha1 AT zoho DOT com> >Date: Mon, 10 Nov 2014 >Subject: Stricter conditions on control socket > >Before allowing access to a control socket make sure: a) user owns the file; >b) it has perms 600; and c) its hard link count is not greater than one. > >--- > mux.c | 14 ++++++++++++++ > 1 file changed, 14 insertions(+) > >--- a/mux.c >+++ b/mux.c >@@ -2087,6 +2087,7 @@ muxclient(const char *path) > socklen_t sun_len; > int sock; > u_int pid; >+ struct stat filestat; > > if (muxclient_command == 0) { > if (stdio_forward_host != NULL) >@@ -2118,6 +2119,19 @@ muxclient(const char *path) > if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0) > fatal("%s socket(): %s", __func__, strerror(errno)); > >+ /* Check file perms, hard link count, and ownership */ >+ if (stat(path, &filestat) == 0) { >+ if (filestat.st_uid != geteuid()) >+ fatal("You do not own the file specified by " >+ "ControlPath \"%.100s\"", path); >+ if (filestat.st_mode & 0177) >+ fatal("File specified by ControlPath \"%.100s\" " >+ "must have permissions 600", path); >+ if (filestat.st_nlink > 1) >+ fatal("File specified by ControlPath \"%.100s\" " >+ "has more than one hard link", path); >+ } >+ > if (connect(sock, (struct sockaddr *)&addr, sun_len) == -1) { > switch (muxclient_command) { > case SSHMUX_COMMAND_OPEN:
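Review bot: in the second hunk the three tests run on the result of stat(path) and connect() is then made to the same path, so anyone who can replace the path between the two calls (a writable parent directory is enough) gets the client to connect to something the checks never saw; a pathname check cannot close that window, but a check on the connected socket can, for instance comparing the listener's uid obtained from the platform's peer-credential call (SO_PEERCRED on Linux, getpeereid() on the BSDs) with geteuid(). In the same hunk, when stat() fails the whole block is skipped and connect() proceeds; that is presumably meant for a socket that does not exist yet (the connect() failure path below treats SSHMUX_COMMAND_OPEN specially), but it also silently drops all three checks on EACCES, ELOOP and every other errno, so test `errno != ENOENT` and fatal() in that case. Two smaller points: `filestat.st_mode & 0177` also rejects u+x (0700), which is fine but differs from the "must have permissions 600" message, and an `S_ISSOCK(filestat.st_mode)` test would report a regular file or directory at ControlPath more clearly than the connect() error that follows.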
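As an added example (not the patch's code and not part of OpenSSH), here are the three checks the commit message lists, written as a stand-alone C function and exercised against fixtures built in a temporary directory: a socket at 0600, a socket opened up to 0666, a regular file, the same file with a second hard link, and a missing path. The function adds an S_ISSOCK test and reports a failed stat() to the caller instead of skipping the checks. The fixture names, the CP_* reason codes and the use of /tmp are assumptions of the example, and it assumes a POSIX system where link() works on the temporary file. Like the patch it checks the pathname, so it shares the patch's check-then-connect window; it shows what each test accepts and rejects, not a race-free design.

```c
#define _DEFAULT_SOURCE		/* glibc: declare mkdtemp() under strict -std= modes */
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Reason codes returned by check_control_path() (names assumed here). */
enum cp_result {
	CP_OK = 0,	/* passes all checks */
	CP_STAT,	/* stat() failed; errno is left set by stat() */
	CP_OWNER,	/* not owned by our effective uid */
	CP_MODE,	/* mode bits beyond u=rw (0600) are set */
	CP_LINKS,	/* st_nlink > 1 */
	CP_NOTSOCK	/* exists but is not a socket */
};

/* Owner, 0600 and single-hard-link tests as in the commit message, plus a
 * socket-type test.  A stat() failure is reported rather than skipped. */
enum cp_result check_control_path(const char *path)
{
	struct stat st;

	if (stat(path, &st) != 0)
		return CP_STAT;
	if (st.st_uid != geteuid())
		return CP_OWNER;
	if (st.st_mode & 0177)	/* same mask as the patch: u=x, g=rwx, o=rwx */
		return CP_MODE;
	if (st.st_nlink > 1)
		return CP_LINKS;
	if (!S_ISSOCK(st.st_mode))
		return CP_NOTSOCK;
	return CP_OK;
}

/* Bind a unix-domain socket at path, close the descriptor (the filesystem
 * entry outlives it) and set the requested mode.  0 on success, -1 on error. */
static int make_socket_file(const char *path, mode_t mode)
{
	struct sockaddr_un addr;
	int fd;

	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	if (strlen(path) >= sizeof(addr.sun_path))
		return -1;
	strcpy(addr.sun_path, path);
	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
		return -1;
	if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
		close(fd);
		return -1;
	}
	close(fd);
	return chmod(path, mode);
}

/* Results of the checks over constructed fixtures; -1 means "not run". */
struct demo_results {
	int setup_ok;	/* 1 when every fixture could be created */
	int good;	/* socket, 0600, one link      -> CP_OK */
	int world;	/* socket, 0666                -> CP_MODE */
	int regular;	/* regular file, 0600          -> CP_NOTSOCK */
	int linked;	/* regular file, 0600, 2 links -> CP_LINKS */
	int missing;	/* nonexistent path            -> CP_STAT */
};

/* Build the fixtures in a fresh temporary directory (constructed paths, not
 * taken from any real system), run the checks, then clean up. */
struct demo_results run_demo(void)
{
	struct demo_results r = {0, -1, -1, -1, -1, -1};
	char dir[] = "/tmp/cpcheckXXXXXX";
	char good[64], world[64], reg[64], reg2[64], missing[64];
	int fd;

	if (mkdtemp(dir) == NULL)
		return r;
	snprintf(good, sizeof(good), "%s/good.sock", dir);
	snprintf(world, sizeof(world), "%s/world.sock", dir);
	snprintf(reg, sizeof(reg), "%s/plain", dir);
	snprintf(reg2, sizeof(reg2), "%s/plain.link", dir);
	snprintf(missing, sizeof(missing), "%s/absent.sock", dir);

	fd = open(reg, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (fd >= 0)
		close(fd);
	if (fd >= 0 && chmod(reg, 0600) == 0 &&
	    make_socket_file(good, 0600) == 0 && make_socket_file(world, 0666) == 0) {
		r.setup_ok = 1;
		r.good = check_control_path(good);
		r.world = check_control_path(world);
		r.regular = check_control_path(reg);	/* nlink == 1 here */
		if (link(reg, reg2) == 0)
			r.linked = check_control_path(reg);	/* nlink == 2 now */
		else
			r.setup_ok = 0;
		r.missing = check_control_path(missing);
	}
	unlink(good); unlink(world); unlink(reg); unlink(reg2);
	rmdir(dir);
	return r;
}

/* 1 when every fixture produced the reason code listed in demo_results. */
int demo_all_as_expected(void)
{
	struct demo_results r = run_demo();
	return r.setup_ok == 1 && r.good == CP_OK && r.world == CP_MODE &&
	    r.regular == CP_NOTSOCK && r.linked == CP_LINKS && r.missing == CP_STAT;
}

int main(void)
{
	struct demo_results r = run_demo();
	printf("setup=%d good=%d world=%d regular=%d linked=%d missing=%d\n",
	    r.setup_ok, r.good, r.world, r.regular, r.linked, r.missing);
	return demo_all_as_expected() ? 0 : 1;
}
```

Compile with `cc` and run; the printed line gives each fixture's reason code. The ownership test cannot be exercised without a file owned by another uid, so the demo leaves that case to the reader; note also that the hard-link case is reached only because the mode test passes first, so a 0644 file with two links is reported as CP_MODE, exactly as the patch's ordering would report it.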