This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.



Re: Cygwin OpenSSH 3.4 privilege separation issues


On Thu, Jun 27, 2002 at 11:36:14AM -0400, Chris Metcalf wrote:
> I upgraded from running OpenSSH 3.3 with privilege separation to running
> OpenSSH 3.4 and it no longer starts up correctly as a service;  
> /var/log/sshd.log holds "Bad owner or mode for /var/empty".  I've done a
> "chown 0 /var/empty; chmod 700 /var/empty" which should match the checking
> code in sshd.c, but for some reason it doesn't appear to.  (A small
> cut-and-paste of the /var/empty checking code from sshd.c into a separate
> program doesn't issue the warning.) So this is a puzzle.
> 
> Of course, "uid 0" is Everyone, and what we really want here is a check
> that /var/empty is owned by SYSTEM (uid 18).  This is really a bigger 
> issue; we shouldn't be relying on uid 0 to be special under Cygwin.

We don't.  Did you read my announcement?  I've said that the code isn't
the same as in the official package.  The official maintainers actually
added the check for uid 0.  I wasn't really excited as you might guess.

My change added to the Cygwin version (which will get into the official
sources in a few days) is the following:

--- sshd.c.orig 2002-06-26 18:21:03.000000000 +0200
+++ sshd.c      2002-06-26 18:20:55.000000000 +0200  
@@ -1035,7 +1035,13 @@ main(int ac, char **av)
                    (S_ISDIR(st.st_mode) == 0))
                        fatal("Missing privilege separation directory: %s",
                            _PATH_PRIVSEP_CHROOT_DIR);
+#ifdef HAVE_CYGWIN
+               if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
+                   (st.st_uid != getuid () ||
+                    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
+#else
                if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+#endif
                        fatal("Bad owner or mode for %s",
                            _PATH_PRIVSEP_CHROOT_DIR);
        }
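
Review bot: In the HAVE_CYGWIN branch, `check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&` short-circuits the whole condition, so when check_ntsec() returns 0 neither the owner nor the S_IWGRP|S_IWOTH test runs and sshd continues without any message. What check_ntsec() tests is not visible in this hunk, so a comment above the #ifdef saying when it returns 0 and why skipping the check is acceptable there would help, and a log line when the check is skipped would make that case visible to the administrator. The owner test also changes from the fixed `st.st_uid != 0` to `st.st_uid != getuid ()`, which means the accepted owner is whoever started sshd; a one-line comment stating that this is intended on Cygwin would prevent a later "fix" back to uid 0. Style: `getuid ()` has a space before the parenthesis, unlike the other calls in the surrounding lines.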

This results in checking the owner of /var/empty against the user
running sshd... so that's typically SYSTEM.

> Meanwhile I've flipped UsePrivilegeSeparation back off for now, but we 
> should get these issues fixed so we can use privilege separation.

It is.

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin@cygwin.com
Red Hat, Inc.
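
A standalone diagnostic for the check discussed in this thread, added here as an example; it is not code from OpenSSH or from either poster. The function name and result codes are assumptions of the example, it uses plain stat(), and it leaves out the Cygwin-only check_ntsec() gate so that it builds on any POSIX system.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Result codes are names chosen for this example, not OpenSSH identifiers. */
enum privsep_dir_status {
    PRIVSEP_DIR_OK = 0,
    PRIVSEP_DIR_MISSING,     /* stat failed or path is not a directory */
    PRIVSEP_DIR_BAD_OWNER,   /* st_uid differs from the expected uid */
    PRIVSEP_DIR_BAD_MODE     /* group- or world-writable */
};

/* Same conditions as the hunk, split so the caller learns which one failed.
 * expected_uid: 0 mirrors the #else branch, getuid() mirrors the Cygwin branch. */
enum privsep_dir_status
check_privsep_dir(const char *path, uid_t expected_uid)
{
    struct stat st;

    if (stat(path, &st) == -1 || !S_ISDIR(st.st_mode))
        return PRIVSEP_DIR_MISSING;
    if (st.st_uid != expected_uid)
        return PRIVSEP_DIR_BAD_OWNER;
    if ((st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
        return PRIVSEP_DIR_BAD_MODE;
    return PRIVSEP_DIR_OK;
}

int
main(int argc, char **argv)
{
    static const char *const reason[] = {
        "ok", "missing or not a directory", "bad owner", "bad mode"
    };
    const char *path = argc > 1 ? argv[1] : "/var/empty";
    struct stat st;

    /* Print the raw values first so a mismatch can be read off directly. */
    if (stat(path, &st) == 0)
        printf("%s: uid=%ld mode=%04o, running as uid=%ld\n", path,
            (long)st.st_uid, (unsigned)(st.st_mode & 07777), (long)getuid());
    enum privsep_dir_status rc = check_privsep_dir(path, getuid());
    printf("check against getuid(): %s\n", reason[rc]);
    return rc == PRIVSEP_DIR_OK ? 0 : 1;
}
```

Run it as the same account that runs sshd, since the Cygwin branch compares the directory owner with getuid() of the calling process.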
