Bug 656415
| Summary: | pam_ssh_agent_auth does not properly restore euid if connect to the ssh-agent socket fails | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Tomas Mraz <tmraz> | ||||||
| Component: | openssh | Assignee: | Jan F. Chadima <jchadima> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||||
| Severity: | medium | Docs Contact: | |||||||
| Priority: | medium | ||||||||
| Version: | 6.0 | CC: | mvadkert, sgrubb | ||||||
| Target Milestone: | rc | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | openssh-5.3p1-33.el6 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2011-05-19 13:30:46 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Attachments: |
|
||||||||
Created attachment 462392 [details]
Better patch adds also missing close(sock) if seteuid fails
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0598.html |
Created attachment 462391 [details] Proposed patch pam_ssh_agent_auth sets euid temporarily to the user during the connect to the ssh-agent socket to avoid possible race conditions. However if the connect fails for example if the ssh-agent is not running it will fail to restore the original euid. This causes following modules in the PAM stack to fail. Testing instructions: Add auth sufficient pam_ssh_agent_auth.so file=~/.ssh/authorized_keys to the /etc/pam.d/su. Run 'ssh-agent -a .ssh-agent-socket' as user. Then kill the ssh-agent process. Verify that the stale unix socket ~/.ssh-agent-socket is still present. Try to su to root - it asks for password but it fails even if you supply correct root password.