30 lines
1.2 KiB
Diff
30 lines
1.2 KiB
Diff
openssh-CVE-2011-4327
|
|
|
|
A security flaw was found in the way ssh-keysign,
|
|
a ssh helper program for host based authentication,
|
|
attempted to retrieve enough entropy information on configurations that
|
|
lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
|
|
be executed to retrieve the entropy from the system environment).
|
|
A local attacker could use this flaw to obtain unauthorized access to host keys
|
|
via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
|
|
http://www.openssh.com/txt/portable-keysign-rand-helper.adv
|
|
|
|
Upstream-Status: Pending
|
|
|
|
Signed-off-by: Li Wang <li.wang@windriver.com>
|
|
--- a/ssh-keysign.c
|
|
+++ b/ssh-keysign.c
|
|
@@ -170,6 +170,10 @@
|
|
key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
|
|
key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
|
|
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
|
|
+ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
|
|
+ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
|
|
+ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
|
|
+ fatal("fcntl failed");
|
|
|
|
original_real_uid = getuid(); /* XXX readconf.c needs this */
|
|
if ((pw = getpwuid(original_real_uid)) == NULL)
|