forked from pool/openssh
Antonio Larrosa
da2c6cc517
* No changes for askpass, see main package changelog for
details.
- Fix a dbus connection leaked in the logind patch that was
missing a sd_bus_unref call (found by Matthias Gerstner):
* logind_set_tty.patch
- Add a patch that fixes a small memory leak when parsing the
subsystem configuration option:
* fix-memleak-in-process_server_config_line_depth.patch
- Update to openssh 9.8p1:
= Security
* 1) Race condition in sshd(8) (bsc#1226642, CVE-2024-6387).
A critical vulnerability in sshd(8) was present in Portable
OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may
allow arbitrary code execution with root privileges.
Successful exploitation has been demonstrated on 32-bit
Linux/glibc systems with ASLR. Under lab conditions, the attack
requires on average 6-8 hours of continuous connections up to
the maximum the server will accept. Exploitation on 64-bit
systems is believed to be possible but has not been
demonstrated at this time. It's likely that these attacks will
be improved upon.
Exploitation on non-glibc systems is conceivable but has not
been examined. Systems that lack ASLR or users of downstream
Linux distributions that have modified OpenSSH to disable
per-connection ASLR re-randomisation (yes - this is a thing, no
- we don't understand why) may potentially have an easier path
to exploitation. OpenBSD is not vulnerable.
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=272
201 lines
5.3 KiB
Diff
201 lines
5.3 KiB
Diff
diff --git a/Makefile.in b/Makefile.in
|
|
index f0ea07e7b..35dcf45f1 100644
|
|
--- a/Makefile.in
|
|
+++ b/Makefile.in
|
|
@@ -56,6 +56,7 @@ SSHDLIBS=@SSHDLIBS@
|
|
LIBEDIT=@LIBEDIT@
|
|
LIBFIDO2=@LIBFIDO2@
|
|
LIBWTMPDB=@LIBWTMPDB@
|
|
+LIBSYSTEMD=@LIBSYSTEMD@
|
|
AR=@AR@
|
|
AWK=@AWK@
|
|
RANLIB=@RANLIB@
|
|
@@ -208,7 +209,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
|
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(GSSLIBS) $(CHANNELLIBS)
|
|
|
|
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
|
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(CHANNELLIBS) $(LIBWTMPDB)
|
|
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(CHANNELLIBS) $(LIBWTMPDB) $(LIBSYSTEMD)
|
|
|
|
sshd-session$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHD_SESSION_OBJS)
|
|
$(LD) -o $@ $(SSHD_SESSION_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(CHANNELLIBS) $(LIBWTMPDB)
|
|
diff --git a/configure.ac b/configure.ac
|
|
index a12c6f7ad..860df3379 100644
|
|
--- a/configure.ac
|
|
+++ b/configure.ac
|
|
@@ -1789,6 +1789,47 @@ AC_ARG_WITH([wtmpdb],
|
|
)
|
|
|
|
|
|
+# Check whether user wants logind/set tty support
|
|
+AC_ARG_WITH([logind],
|
|
+ [ --with-logind[[=PATH]] Enable logind support for sshd],
|
|
+ [ if test "x$withval" != "xno" ; then
|
|
+ if test "x$withval" = "xyes" ; then
|
|
+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
|
|
+ if test "x$PKGCONFIG" != "xno"; then
|
|
+ AC_MSG_CHECKING([if $PKGCONFIG knows about libsystemd])
|
|
+ if "$PKGCONFIG" libsystemd; then
|
|
+ AC_MSG_RESULT([yes])
|
|
+ use_pkgconfig_for_libsystemd=yes
|
|
+ else
|
|
+ AC_MSG_RESULT([no])
|
|
+ fi
|
|
+ fi
|
|
+ else
|
|
+ CPPFLAGS="$CPPFLAGS -I${withval}/include"
|
|
+ if test -n "${rpath_opt}"; then
|
|
+ LDFLAGS="-L${withval}/lib ${rpath_opt}${withval}/lib ${LDFLAGS}"
|
|
+ else
|
|
+ LDFLAGS="-L${withval}/lib ${LDFLAGS}"
|
|
+ fi
|
|
+ fi
|
|
+ if test "x$use_pkgconfig_for_libsystemd" = "xyes"; then
|
|
+ LIBSYSTEMD=`$PKGCONFIG --libs libsystemd`
|
|
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libsystemd`"
|
|
+ else
|
|
+ LIBSYSTEMD="-lsystemd"
|
|
+ fi
|
|
+ OTHERLIBS=`echo $LIBSYSTEMD | sed 's/-lsystemd//'`
|
|
+ AC_CHECK_LIB([systemd], [sd_bus_open_system],
|
|
+ [ AC_DEFINE([USE_LOGIND], [1], [Use systemd-logind])
|
|
+ AC_SUBST([LIBSYSTEMD])
|
|
+ ],
|
|
+ [ AC_MSG_ERROR([libsystemd not found]) ],
|
|
+ [ $OTHERLIBS ]
|
|
+ )
|
|
+ fi ]
|
|
+)
|
|
+
|
|
+
|
|
AUDIT_MODULE=none
|
|
AC_ARG_WITH([audit],
|
|
[ --with-audit=module Enable audit support (modules=debug,bsm,linux)],
|
|
diff --git a/loginrec.c b/loginrec.c
|
|
index 86caf83b2..8b413190b 100644
|
|
--- a/loginrec.c
|
|
+++ b/loginrec.c
|
|
@@ -191,6 +191,10 @@
|
|
# include <wtmpdb.h>
|
|
#endif
|
|
|
|
+#ifdef USE_LOGIND
|
|
+# include <systemd/sd-bus.h>
|
|
+#endif
|
|
+
|
|
/**
|
|
** prototypes for helper functions in this file
|
|
**/
|
|
@@ -214,6 +218,9 @@ int syslogin_write_entry(struct logininfo *li);
|
|
#ifdef USE_WTMPDB
|
|
int wtmpdb_write_entry(struct logininfo *li);
|
|
#endif
|
|
+#ifdef USE_LOGIND
|
|
+int logind_set_tty(struct logininfo *li);
|
|
+#endif
|
|
|
|
int getlast_entry(struct logininfo *li);
|
|
int lastlog_get_entry(struct logininfo *li);
|
|
@@ -477,6 +484,9 @@ login_write(struct logininfo *li)
|
|
#ifdef USE_WTMPDB
|
|
wtmpdb_write_entry(li);
|
|
#endif
|
|
+#ifdef USE_LOGIND
|
|
+ logind_set_tty(li);
|
|
+#endif
|
|
#ifdef CUSTOM_SYS_AUTH_RECORD_LOGIN
|
|
if (li->type == LTYPE_LOGIN &&
|
|
!sys_auth_record_login(li->username,li->hostname,li->line,
|
|
@@ -1476,6 +1486,91 @@ wtmpdb_write_entry(struct logininfo *li)
|
|
}
|
|
#endif
|
|
|
|
+#ifdef USE_LOGIND
|
|
+#define DBUS_DESTINATION "org.freedesktop.login1"
|
|
+#define DBUS_PATH_ID "/org/freedesktop/login1/session/auto"
|
|
+#define DBUS_INTERFACE "org.freedesktop.login1.Session"
|
|
+#define DBUS_PATH "/org/freedesktop/login1/session/%s"
|
|
+
|
|
+static int
|
|
+logind_perform_login(struct logininfo *li)
|
|
+{
|
|
+ sd_bus *bus = NULL;
|
|
+ sd_bus_error error = SD_BUS_ERROR_NULL;
|
|
+ char *session_id = NULL;
|
|
+ char *dbus_path;
|
|
+ const char *tty;
|
|
+ char buf[PATH_MAX];
|
|
+ int r;
|
|
+ int fd;
|
|
+
|
|
+ if (sd_bus_open_system(&bus) < 0)
|
|
+ {
|
|
+ logit("logind: canot open dbus");
|
|
+ return (0);
|
|
+ }
|
|
+
|
|
+ if (sd_bus_get_property_string(bus, DBUS_DESTINATION,
|
|
+ DBUS_PATH_ID, DBUS_INTERFACE,
|
|
+ "Id", &error, &session_id) < 0)
|
|
+ {
|
|
+ logit("logind: cannot get session ID");
|
|
+ return (0);
|
|
+ }
|
|
+
|
|
+ if (strncmp(li->line, "/dev/", 5) != 0)
|
|
+ snprintf (buf, sizeof(buf), "/dev/%s", li->line);
|
|
+ else
|
|
+ tty = li->line;
|
|
+
|
|
+ fd = open(tty, O_RDWR|O_CLOEXEC|O_NOCTTY);
|
|
+
|
|
+ if (asprintf (&dbus_path, DBUS_PATH, session_id) < 0)
|
|
+ return (0);
|
|
+
|
|
+ if (sd_bus_call_method(bus, DBUS_DESTINATION, dbus_path,
|
|
+ DBUS_INTERFACE, "TakeControl", &error, NULL,
|
|
+ "b", 1) < 0) {
|
|
+ logit("logind: cannot take control");
|
|
+ free(dbus_path);
|
|
+ return (0);
|
|
+ }
|
|
+
|
|
+ if ((r = sd_bus_call_method(bus, DBUS_DESTINATION, dbus_path,
|
|
+ DBUS_INTERFACE, "SetTTY", &error, NULL,
|
|
+ "h", fd)) < 0) {
|
|
+ if (r != -EBADR) /* logind does not support "SetTTY" */
|
|
+ logit("logind: cannot set TTY(%s, %s): %s", session_id, tty, strerror(-r));
|
|
+ free(dbus_path);
|
|
+ return (0);
|
|
+ }
|
|
+
|
|
+ free(dbus_path);
|
|
+
|
|
+ if (sd_bus_flush(bus) < 0) {
|
|
+ sd_bus_unref(bus);
|
|
+ return (0);
|
|
+ }
|
|
+
|
|
+ sd_bus_unref(bus);
|
|
+ return (1);
|
|
+}
|
|
+
|
|
+int
|
|
+logind_set_tty(struct logininfo *li)
|
|
+{
|
|
+ switch(li->type) {
|
|
+ case LTYPE_LOGIN:
|
|
+ return (logind_perform_login(li));
|
|
+ case LTYPE_LOGOUT:
|
|
+ return (1);
|
|
+ default:
|
|
+ logit("%s: invalid type field", __func__);
|
|
+ return (0);
|
|
+ }
|
|
+}
|
|
+#endif
|
|
+
|
|
|
|
/**
|
|
** Low-level libutil login() functions
|