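--- a/readconf.c
+++ b/readconf.c
@@ -15,6 +15,7 @@
 #include "includes.h"
 
 #include <sys/types.h>
+#include <sys/capability.h>
 #include <sys/stat.h>
 #include <sys/socket.h>
 #include <sys/wait.h>
@@ -327,7 +328,16 @@ add_local_forward(Options *options, cons
 extern uid_t original_real_uid;
 int i;
 
+cap_flag_value_t cap_flag_value_e, cap_flag_value_p;
+cap_t caps;
+
+caps = cap_get_proc();
+cap_get_flag(caps, CAP_NET_BIND_SERVICE, CAP_EFFECTIVE, &cap_flag_value_e);
+cap_get_flag(caps, CAP_NET_BIND_SERVICE, CAP_PERMITTED, &cap_flag_value_p);
+
+//caps & CAP_TO_MASK(CAP_NET_BIND_SERVICE) != CAP_TO_MASK(CAP_NET_BIND_SERVICE) &&
 if (newfwd->listen_port < IPPORT_RESERVED && original_real_uid != 0 &&
+(cap_flag_value_e != CAP_SET || cap_flag_value_p != CAP_SET) &&
 newfwd->listen_path == NULL)
 fatal("Privileged ports can only be forwarded by root.");
 /* Don't add duplicates */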
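Review bot: The capability probe added to add_local_forward ignores every libcap return value. `cap_get_proc()` can return NULL and `cap_get_flag()` can fail, leaving `cap_flag_value_e` and `cap_flag_value_p` uninitialised when the privileged-port condition reads them, and `caps` is never released with `cap_free()`. The kernel presumably still enforces the bind itself, so this looks like a correctness and leak problem in the pre-check rather than a bypass, but the check should fail closed by treating any libcap error as "capability not held". Separately, `#include <sys/capability.h>` is unconditional and will break builds without libcap, the commented-out `CAP_TO_MASK` line should be dropped, and the `fatal()` text still says only root may forward privileged ports. The function starts and ends outside this hunk.

```c
	cap_flag_value_t cap_flag_value_e = CAP_CLEAR, cap_flag_value_p = CAP_CLEAR;
	cap_t caps;

	/* Fail closed: any libcap error means "capability not held". */
	if ((caps = cap_get_proc()) != NULL) {
		if (cap_get_flag(caps, CAP_NET_BIND_SERVICE, CAP_EFFECTIVE,
		    &cap_flag_value_e) == -1)
			cap_flag_value_e = CAP_CLEAR;
		if (cap_get_flag(caps, CAP_NET_BIND_SERVICE, CAP_PERMITTED,
		    &cap_flag_value_p) == -1)
			cap_flag_value_p = CAP_CLEAR;
		cap_free(caps);
	}
	/* … unchanged: privileged-port condition and fatal() … */
```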
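--- a/configure.ac
+++ b/configure.ac
@@ -775,6 +775,9 @@ main() { if (NSVersionOfRunTimeLibrary("
 use_pie=auto
 check_for_libcrypt_later=1
 check_for_openpty_ctty_bug=1
+# libcap
+# use capabilities
+LIBS="$LIBS -lcap"
 AC_DEFINE([PAM_TTY_KLUDGE], [1],
 [Work around problematic Linux PAM modules handling of PAM_TTY])
 AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],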
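Review bot: `LIBS="$LIBS -lcap"` is appended with no probe for the library or its header, so on a host without the libcap development files the failure appears at link time, or in a later configure test, rather than as a clear configure message. Because `LIBS` is global, every binary built from this tree, not only `ssh`, would presumably link libcap, which widens the dependency surface of `sshd` and the helper programs for a client-only feature. Consider a guarded probe such as `AC_CHECK_LIB([cap], [cap_get_proc], [LIBS="$LIBS -lcap"; AC_DEFINE([HAVE_LIBCAP], [1], [Define if libcap is available])])` (`HAVE_LIBCAP` is a suggested name, not one from this patch), with the new code in readconf.c wrapped in the matching `#ifdef`. The surrounding platform case starts and ends outside this hunk.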