author | Damien Miller <djm@cvs.openbsd.org> | 2008-02-13 22:38:18 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2008-02-13 22:38:18 +0000 |
commit | f2b5c15547e9074adf9b3206e8ed089a067358f7 (patch) | |
tree | 0267e6abec7e10a60f9389f7ec37c919995a0c0e | |
parent | 5e6b3a2865f7110320908660f1c039c682d47d2a (diff) |
rekey arc4random and OpenSSL RNG in postauth child
closefrom fds > 2 before shell/command execution
ok markus@
-rw-r--r-- | usr.bin/ssh/servconf.h | 5 | ||||
-rw-r--r-- | usr.bin/ssh/session.c | 9 | ||||
-rw-r--r-- | usr.bin/ssh/sshd.c | 13 |
3 files changed, 20 insertions, 7 deletions
diff --git a/usr.bin/ssh/servconf.h b/usr.bin/ssh/servconf.h index 46e732d2588..ae07cb81e39 100644 --- a/usr.bin/ssh/servconf.h +++ b/usr.bin/ssh/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.81 2008/02/08 23:24:08 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.82 2008/02/13 22:38:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -36,6 +36,9 @@ #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ +/* Magic name for internal sftp-server */ +#define INTERNAL_SFTP_NAME "internal-sftp" + typedef struct { u_int num_ports; u_int ports_from_cmdline; diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 4064e9d0163..b08f2add25b 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */ +/* $OpenBSD: session.c,v 1.228 2008/02/13 22:38:17 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -86,9 +86,6 @@ #include <kafs.h> #endif -/* Magic name for internal sftp-server */ -#define INTERNAL_SFTP_NAME "internal-sftp" - /* func */ Session *session_new(void); @@ -438,6 +435,8 @@ do_exec_no_pty(Session *s, const char *command) if (dup2(err[0], 2) < 0) /* stderr */ perror("dup2 stderr"); + closefrom(STDERR_FILENO + 1); + /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ @@ -508,6 +507,8 @@ do_exec_pty(Session *s, const char *command) if (!(options.use_login && command == NULL)) do_login(s, command); + closefrom(STDERR_FILENO + 1); + /* Do common processing for the child, such as execing the command. */ do_child(s, command); /* NOTREACHED */ diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c index 3b67e1514e8..afa3ff75793 100644 --- a/usr.bin/ssh/sshd.c +++ b/usr.bin/ssh/sshd.c 
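Review bot: The `closefrom(STDERR_FILENO + 1);` added in do_exec_no_pty, and again in do_exec_pty, has no comment saying which descriptors it keeps away from the user's command, and the two call sites are not placed alike. In do_exec_pty it runs only after `do_login(s, command)`, so do_login still executes with every inherited descriptor open. If that ordering is deliberate it deserves a comment; otherwise the call could move above do_login. Either way I would add `/* Drop every fd above stderr so the shell/command cannot inherit sshd-internal descriptors */` at both sites. do_child's body is outside these hunks (both functions start and end outside them), so it is worth confirming that nothing it uses before exec needs a descriptor above 2 to stay open.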
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.354 2008/02/13 22:38:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -566,11 +566,12 @@ privsep_preauth_child(void) u_int32_t rnd[256]; gid_t gidset[1]; struct passwd *pw; - int i; + u_int i; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); + arc4random_stir(); for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); @@ -651,6 +652,9 @@ privsep_preauth(Authctxt *authctxt) static void privsep_postauth(Authctxt *authctxt) { + u_int32_t rnd[256]; + u_int i; + if (authctxt->pw->pw_uid == 0 || options.use_login) { /* File descriptor passing is broken or root login */ use_privsep = 0; @@ -678,6 +682,11 @@ privsep_postauth(Authctxt *authctxt) /* Demote the private keys to public keys. */ demote_sensitive_data(); + arc4random_stir(); + for (i = 0; i < 256; i++) + rnd[i] = arc4random(); + RAND_seed(rnd, sizeof(rnd)); + /* Drop privileges */ do_setusercontext(authctxt->pw); |
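Review bot: In privsep_postauth the new `rnd[256]` buffer still holds 1 KiB of arc4random output after `RAND_seed(rnd, sizeof(rnd))` returns, and the same is true of the existing loop in privsep_preauth_child; the seed material should be wiped once it has been handed to OpenSSL. The stir/fill/seed sequence is now duplicated in both functions, so I would move it into one static helper that also clears the buffer and call it from both places, which keeps the two rekey points from drifting apart. A plain memset of a dead local can be elided by the compiler, so the sketch below uses a non-elidable clear; substitute whatever this tree provides. privsep_postauth's body continues outside the hunk, so the assumption that this code runs only in the forked child is inferred from the commit message.

```c
static void
reseed_prngs(void)
{
	u_int32_t rnd[256];
	u_int i;

	arc4random_stir();
	for (i = 0; i < 256; i++)
		rnd[i] = arc4random();
	RAND_seed(rnd, sizeof(rnd));
	/* Seed bytes should not linger on the stack after seeding. */
	explicit_bzero(rnd, sizeof(rnd));
}

/* … unchanged: privsep_postauth up to demote_sensitive_data() … */
	demote_sensitive_data();

	reseed_prngs();
```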