1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
From ad2748dee50e4c0040f6efda5eff4a34e4eb5b85 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 26 Sep 2021 14:01:03 +0000
Subject: upstream: need initgroups() before setresgid(); reported by anton@,
ok deraadt@
OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
Bug-Debian: https://bugs.debian.org/995130
Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=f3cbe43e28fe71427d41cfe3a17125b972710455
Last-Update: 2023-12-19
Patch-Name: CVE-2021-41617-1.patch
---
auth.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/auth.c b/auth.c
index 4152d9c44..32870851b 100644
--- a/auth.c
+++ b/auth.c
@@ -853,6 +853,12 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
}
closefrom(STDERR_FILENO + 1);
+ if (geteuid() == 0 &&
+ initgroups(pw->pw_name, pw->pw_gid) == -1) {
+ error("%s: initgroups(%s, %u): %s", tag,
+ pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
+ _exit(1);
+ }
/* Don't use permanently_set_uid() here to avoid fatal() */
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
|
