Restore seteuid for authorized_keys
Authorized_keys reading is pre-authentication so should not be
modified in the post-auth drop-privilege change.
Fixes: e0251be235 ("Drop privileges after user authentication")
@@ -464,14 +464,12 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen,
|
||||
int ret = DROPBEAR_FAILURE;
|
||||
buffer * line = NULL;
|
||||
int line_num;
|
||||
#if !DROPBEAR_SVR_DROP_PRIVS
|
||||
uid_t origuid;
|
||||
gid_t origgid;
|
||||
#endif
|
||||
|
||||
TRACE(("enter checkpubkey"))
|
||||
|
||||
#if !DROPBEAR_SVR_DROP_PRIVS
|
||||
#if DROPBEAR_SVR_MULTIUSER
|
||||
/* access the file as the authenticating user. */
|
||||
origuid = getuid();
|
||||
origgid = getgid();
|
||||
@@ -492,7 +490,7 @@ static int checkpubkey(const char* keyalgo, unsigned int keyalgolen,
|
||||
TRACE(("checkpubkey: failed opening %s: %s", filename, strerror(errno)))
|
||||
}
|
||||
}
|
||||
#if !DROPBEAR_SVR_DROP_PRIVS
|
||||
#if DROPBEAR_SVR_MULTIUSER
|
||||
if ((seteuid(origuid)) < 0 ||
|
||||
(setegid(origgid)) < 0) {
|
||||
dropbear_exit("Failed to revert euid");
|
||||
|
||||
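Review bot: The `#if DROPBEAR_SVR_MULTIUSER` guards around the euid/egid switch and its revert in checkpubkey carry no comment saying why they must stay independent of DROPBEAR_SVR_DROP_PRIVS, which appears to be how the regression named in the Fixes: trailer came about. I would extend the existing comment to `/* access the file as the authenticating user. This runs before authentication completes, so it must not depend on the post-auth privilege drop. */` and add a one-line pointer to it above the revert block in the second hunk. It also looks as if origuid and origgid are now declared unconditionally while every visible use sits inside `#if DROPBEAR_SVR_MULTIUSER`, so a build with that option set to 0 may warn about unused variables, which matters for the --enable-werror job; confirm this, or wrap the declarations in the same guard. Both hunks show only part of checkpubkey; the switch to the user's ids, the file open and the closing `#endif` lines are outside the visible lines.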