openssh/openssh-6.6p1-sftp_force_permissions.patch
Petr Cerny efb05e6527 Accepting request 230097 from home:pcerny:factory
- Update of the underlying OpenSSH to 6.6p1

- update to 6.6p1
  Security:
  * sshd(8): when using environment passing with a sshd_config(5)
    AcceptEnv pattern with a wildcard, OpenSSH prior to 6.6 could
    be tricked into accepting any environment variable that
    contains the characters before the wildcard character.
  Features since 6.5p1:
  * ssh(1), sshd(8): removal of the J-PAKE authentication code,
    which was experimental, never enabled and has been
    unmaintained for some time.
  * ssh(1): skip 'exec' clauses other clauses predicates failed
    to match while processing Match blocks.
  * ssh(1): if hostname canonicalisation is enabled and results
    in the destination hostname being changed, then re-parse
    ssh_config(5) files using the new destination hostname. This
    gives 'Host' and 'Match' directives that use the expanded
    hostname a chance to be applied.
  Bugfixes:
  * ssh(1): avoid spurious "getsockname failed: Bad file
    descriptor" in ssh -W. bz#2200, debian#738692
  * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and
    systrace sandbox modes, as it is reachable if the connection
    is terminated during the pre-auth phase.
  * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1
    bignum parsing. Minimum key length checks render this bug
    unexploitable to compromise SSH 1 sessions.
  * sshd_config(5): clarify behaviour of a keyword that appears
    in multiple matching Match blocks. bz#2184

OBS-URL: https://build.opensuse.org/request/show/230097
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=76
2014-04-14 21:53:01 +00:00


# additional option for sftp-server to force file mode for new files
# FATE#312774
# http://lists.mindrot.org/pipermail/openssh-unix-dev/2010-November/029044.html
# http://marc.info/?l=openssh-unix-dev&m=128896838930893
diff --git a/openssh-6.6p1/sftp-server.8 b/openssh-6.6p1/sftp-server.8
--- a/openssh-6.6p1/sftp-server.8
+++ b/openssh-6.6p1/sftp-server.8
@@ -33,16 +33,17 @@
.Bk -words
.Op Fl ehR
.Op Fl d Ar start_directory
.Op Fl f Ar log_facility
.Op Fl l Ar log_level
.Op Fl P Ar blacklisted_requests
.Op Fl p Ar whitelisted_requests
.Op Fl u Ar umask
+.Op Fl m Ar force_file_permissions
.Ek
.Nm
.Fl Q Ar protocol_feature
.Sh DESCRIPTION
.Nm
is a program that speaks the server side of SFTP protocol
to stdout and expects client requests from stdin.
.Nm
@@ -133,16 +134,20 @@ Places this instance of
into a read-only mode.
Attempts to open files for writing, as well as other operations that change
the state of the filesystem, will be denied.
.It Fl u Ar umask
Sets an explicit
.Xr umask 2
to be applied to newly-created files and directories, instead of the
user's default mask.
+.It Fl m Ar force_file_permissions
+Sets explicit file permissions to be applied to newly-created files instead
+of the default or client requested mode. Numeric values include:
+777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set.
.El
.Pp
For logging to work,
.Nm
must be able to access
.Pa /dev/log .
Use of
.Nm
diff --git a/openssh-6.6p1/sftp-server.c b/openssh-6.6p1/sftp-server.c
--- a/openssh-6.6p1/sftp-server.c
+++ b/openssh-6.6p1/sftp-server.c
@@ -75,16 +75,20 @@ static u_int version;
static int init_done;
/* Disable writes */
static int readonly;
/* Requests that are allowed/denied */
static char *request_whitelist, *request_blacklist;
+/* Force file permissions */
+int permforce = 0;
+long permforcemode;
+
/* portable attributes, etc. */
typedef struct Stat Stat;
struct Stat {
char *name;
char *long_name;
Attrib attrib;
};
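Review bot: The two new globals `permforce` and `permforcemode` are declared with external linkage, while the neighbouring state in this hunk (`init_done`, `readonly`, `request_whitelist`) is `static`. Nothing in the patch uses them outside sftp-server.c, so they should be file-local to avoid symbol clashes if this file is linked into another binary: `static int permforce = 0;` and `static long permforcemode;`. The comment could also say that `permforcemode` is an octal mode in the range 0 to 0777 set by `-m`.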
@@ -670,16 +674,20 @@ process_open(u_int32_t id)
int handle, fd, flags, mode, status = SSH2_FX_FAILURE;
name = get_string(NULL);
pflags = get_int(); /* portable flags */
debug3("request %u: open flags %d", id, pflags);
a = get_attrib();
flags = flags_from_portable(pflags);
mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
+ if (permforce == 1) {
+ mode = permforcemode;
+ (void)umask(0); /* so umask does not interfere */
+ }
logit("open \"%s\" flags %s mode 0%o",
name, string_from_portable(pflags), mode);
if (readonly &&
((flags & O_ACCMODE) == O_WRONLY ||
(flags & O_ACCMODE) == O_RDWR)) {
verbose("Refusing open request in read-only mode");
status = SSH2_FX_PERMISSION_DENIED;
} else {
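Review bot: The `(void)umask(0)` added in the `permforce` branch changes the umask of the whole process and is never restored, so after the first open request everything the server creates later is unmasked as well. Directories are not covered by the forced mode, so if the mkdir handler (outside this hunk) passes the client-supplied mode through, `-m` can leave directories more permissive than the administrator's umask intended. I would scope the change to the create itself, with `mode_t omask = umask(0);` before the `open()` and `(void)umask(omask);` after it, or leave the umask alone and `fchmod()` a newly created file. It is also worth checking whether setstat/fsetstat requests can still chmod the file afterwards, since that would let a client undo the forced mode. process_open continues past the end of this hunk, so the `open()` call itself is not visible here.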
@@ -1425,17 +1433,18 @@ sftp_server_cleanup_exit(int i)
static void
sftp_server_usage(void)
{
extern char *__progname;
fprintf(stderr,
"usage: %s [-ehR] [-d start_directory] [-f log_facility] "
"[-l log_level]\n\t[-P blacklisted_requests] "
- "[-p whitelisted_requests] [-u umask]\n"
+ "[-p whitelisted_requests] [-u umask]\n\t"
+ "[-m force_file_permissions]\n",
" %s -Q protocol_feature\n",
__progname, __progname);
exit(1);
}
int
sftp_server_main(int argc, char **argv, struct passwd *user_pw)
{
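Review bot: The added line `"[-m force_file_permissions]\n",` ends with a comma, which terminates the format string at that point. The `-Q protocol_feature` literal on the next line then becomes the first `%s` argument instead of part of the format, so the usage message prints that literal where the program name belongs and the second synopsis line is never formatted. Drop the trailing comma so the adjacent literals concatenate again: `"[-m force_file_permissions]\n"`.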
@@ -1450,17 +1459,17 @@ sftp_server_main(int argc, char **argv,
extern char *__progname;
__progname = ssh_get_progname(argv[0]);
log_init(__progname, log_level, log_facility, log_stderr);
pw = pwcopy(user_pw);
while (!skipargs && (ch = getopt(argc, argv,
- "d:f:l:P:p:Q:u:cehR")) != -1) {
+ "d:f:l:P:p:Q:u:m:cehR")) != -1) {
switch (ch) {
case 'Q':
if (strcasecmp(optarg, "requests") != 0) {
fprintf(stderr, "Invalid query type\n");
exit(1);
}
for (i = 0; handlers[i].handler != NULL; i++)
printf("%s\n", handlers[i].name);
@@ -1510,16 +1519,23 @@ sftp_server_main(int argc, char **argv,
case 'u':
errno = 0;
mask = strtol(optarg, &cp, 8);
if (mask < 0 || mask > 0777 || *cp != '\0' ||
cp == optarg || (mask == 0 && errno != 0))
fatal("Invalid umask \"%s\"", optarg);
(void)umask((mode_t)mask);
break;
+ case 'm':
+ permforce = 1;
+ permforcemode = strtol(optarg, &cp, 8);
+ if (permforcemode < 0 || permforcemode > 0777 || *cp != '\0' ||
+ cp == optarg || (permforcemode == 0 && errno != 0))
+ fatal("Invalid umask \"%s\"", optarg);
+ break;
case 'h':
default:
sftp_server_usage();
}
}
log_init(__progname, log_level, log_facility, log_stderr);
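Review bot: The new `case 'm'` omits the `errno = 0;` that the `-u` case sets before `strtol()`, so the `permforcemode == 0 && errno != 0` test can read a stale errno from an earlier call. Add `errno = 0;` ahead of the `strtol()` line. The failure text was copied from `-u` and will mislead whoever is debugging a bad configuration; `fatal("Invalid file permissions \"%s\"", optarg);` names the right option. A short comment that the accepted range is 0 to 0777 (no setuid, setgid or sticky bits) would document the intended limit. sftp_server_main starts and ends outside this hunk.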