Bug 555 - If user does a newgrp before envoking ssh, it fails with a setgid error.
Summary: If user does a newgrp before envoking ssh, it fails with a setgid error.
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh (show other bugs)
Version: -current
Hardware: UltraSPARC Solaris
: P2 normal
Assignee: OpenSSH Bugzilla mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2003-05-07 01:48 AEST by Charles Knipe
Modified: 2004-04-14 12:24 AEST (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Charles Knipe 2003-05-07 01:48:16 AEST
If a user does a newgrp to change their group id to a group they are a member 
of, which is not their primary group, ssh gets upset.  For example:

ichernysh@ofdb02:/home.local/ichernysh$ id -a
uid=3059(ichernysh) gid=506(dba) groups=3059(ichernysh),506(dba)
ichernysh@ofdb02:/home.local/ichernysh$ newgrp dba
ichernysh@ofdb02:/home.local/ichernysh$ ssh 127.0.0.1
setgid 3059: Not owner
ichernysh@ofdb02:/home.local/ichernysh$ ssh 127.0.0.1
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
RSA key fingerprint is 17:68:99:5f:02:ab:70:88:25:bd:88:a2:ef:96:a2:f0.
Are you sure you want to continue connecting (yes/no)?

The version of ssh in question is:
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f

I realize this is fairly old, but I found no reference to this bug anywhere in 
the bug reports for any version.
Comment 1 William Knox 2003-05-07 02:18:04 AEST
This works fine for me

OpenSSH 3.5p1
Solaris 8 (108528-18)
GNU bash, version 2.03.0(1)
Comment 2 Darren Tucker 2003-05-07 09:33:07 AEST
Works for me too (OpenSSH 3.6.1p2, Solaris 8, 108528-14).

Newer versions of OpenSSH no longer make ssh setuid, perhaps that's the 
difference.

$ id
uid=500(dtucker) gid=500(dtucker) groups=500(dtucker),514(cvs)
$ newgrp cvs
$ ssh localhost
dtucker@localhost's password:
$
Comment 3 Charles Knipe 2003-05-07 23:35:21 AEST
In that case, sorry to bother with an old bug, I'll upgrade at my next 
maintenance window.
Comment 4 Darren Tucker 2003-05-14 21:07:56 AEST
Please re-open if you can reproduce with current versions, this seems to be OK 
now.
Comment 5 Damien Miller 2004-04-14 12:24:19 AEST
Mass change of RESOLVED bugs to CLOSED