- (stevesk) OpenBSD CVS updates:

- markus@cvs.openbsd.org 2000/12/13 16:26:53 [ssh-keyscan.c] fatal already adds \n; from stevesk@pobox.com - markus@cvs.openbsd.org 2000/12/13 16:25:44 [ssh-agent.c] remove redundant spaces; from stevesk@pobox.com - ho@cvs.openbsd.org 2000/12/12 15:50:21 [pty.c] When failing to set tty owner and mode on a read-only filesystem, don't abort if the tty already has correct owner and reasonably sane modes. Example; permit 'root' to login to a firewall with read-only root fs. (markus@ ok) - deraadt@cvs.openbsd.org 2000/12/13 06:36:05 [pty.c] KNF
2000-12-15 18:39:12 +00:00 · 2000-12-15 18:39:12 +00:00 · fa72ddac73
parent de41bc6caa
commit fa72ddac73
4 changed files with 64 additions and 20 deletions
--- a/22
+++ b/22
@ -1,7 +1,25 @@
+20001215
+ - (stevesk) OpenBSD CVS updates:
+   - markus@cvs.openbsd.org 2000/12/13 16:26:53
+     [ssh-keyscan.c]
+     fatal already adds \n; from stevesk@pobox.com
+   - markus@cvs.openbsd.org 2000/12/13 16:25:44
+     [ssh-agent.c]
+     remove redundant spaces; from stevesk@pobox.com
+   - ho@cvs.openbsd.org 2000/12/12 15:50:21
+     [pty.c]
+     When failing to set tty owner and mode on a read-only filesystem, don't
+     abort if the tty already has correct owner and reasonably sane modes.
+     Example; permit 'root' to login to a firewall with read-only root fs.
+     (markus@ ok)
+   - deraadt@cvs.openbsd.org 2000/12/13 06:36:05
+     [pty.c]
+     KNF
+
 20001213
 - (djm) Make sure we reset the SIGPIPE disposition after we fork. Report
   from Andreas M. Kirchwitz <amk@krell.zikzak.de>
- - (stevesk) OpenSSH CVS update:
+ - (stevesk) OpenBSD CVS update:
   - markus@cvs.openbsd.org 2000/12/12 15:30:02
     [ssh-keyscan.c ssh.c sshd.c]
     consistently use __progname; from stevesk@pobox.com	
@ -62,7 +80,7 @@
     tweak comment to reflect real location of pid file; ok provos@
 - (stevesk) Import <sys/queue.h> from OpenBSD for systems that don't
   have it (used in ssh-keyscan).
- - (stevesk) OpenSSH CVS update:
+ - (stevesk) OpenBSD CVS update:
   - markus@cvs.openbsd.org 2000/12/06 19:57:48
     [ssh-keyscan.c]
     err(3) -> internal error(), from stevesk@sweden.hp.com
--- a/pty.c
+++ b/pty.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: pty.c,v 1.16 2000/09/07 21:13:37 markus Exp $");
+RCSID("$OpenBSD: pty.c,v 1.18 2000/12/13 06:36:05 deraadt Exp $");

 #ifdef HAVE_UTIL_H
 # include <util.h>
@ -291,6 +291,7 @@ pty_setowner(struct passwd *pw, const char *ttyname)
 	struct group *grp;
 	gid_t gid;
 	mode_t mode;
+	struct stat st;

 	/* Determine the group to make the owner of the tty. */
 	grp = getgrnam("tty");
@ -302,11 +303,36 @@ pty_setowner(struct passwd *pw, const char *ttyname)
 		mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
 	}

-	/* Change ownership of the tty. */
-	if (chown(ttyname, pw->pw_uid, gid) < 0)
+	/*
+	 * Change owner and mode of the tty as required.
+	 * Warn but continue if filesystem is read-only and the uids match.
+	 */
+	if (stat(ttyname, &st))
+		fatal("stat(%.100s) failed: %.100s", ttyname,
+		    strerror(errno));
+
+	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+		if (chown(ttyname, pw->pw_uid, gid) < 0) {
+			if (errno == EROFS && st.st_uid == pw->pw_uid)
+				error("chown(%.100s, %d, %d) failed: %.100s",
+				      ttyname, pw->pw_uid, gid, 
+				      strerror(errno));
+			else
 				fatal("chown(%.100s, %d, %d) failed: %.100s",
-		    ttyname, pw->pw_uid, gid, strerror(errno));
-	if (chmod(ttyname, mode) < 0)
+				      ttyname, pw->pw_uid, gid, 
+				      strerror(errno));
+		}
+	}
+
+	if ((st.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO)) != mode) {
+		if (chmod(ttyname, mode) < 0) {
+			if (errno == EROFS &&
+			    (st.st_mode & (S_IRGRP | S_IROTH)) == 0)
+				error("chmod(%.100s, 0%o) failed: %.100s",
+				      ttyname, mode, strerror(errno));
+			else
 				fatal("chmod(%.100s, 0%o) failed: %.100s",
 				      ttyname, mode, strerror(errno));
 		}
+	}
+}
--- a/ssh-agent.c
+++ b/ssh-agent.c
@ -1,4 +1,4 @@
-/*	$OpenBSD: ssh-agent.c,v 1.42 2000/12/09 14:06:54 markus Exp $	*/
+/*	$OpenBSD: ssh-agent.c,v 1.43 2000/12/13 23:25:44 markus Exp $	*/

 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
@ -37,7 +37,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.42 2000/12/09 14:06:54 markus Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.43 2000/12/13 23:25:44 markus Exp $");

 #include "ssh.h"
 #include "rsa.h"
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@ -329,9 +329,9 @@ conalloc(char *iname, char *oname)
 	} while ((s = tcpconnect(name)) < 0);

 	if (s >= maxfd)
-		fatal("conalloc: fdno %d too high\n", s);
+		fatal("conalloc: fdno %d too high", s);
 	if (fdcon[s].c_status)
-		fatal("conalloc: attempt to reuse fdno %d\n", s);
+		fatal("conalloc: attempt to reuse fdno %d", s);

 	fdcon[s].c_fd = s;
 	fdcon[s].c_status = CS_CON;
@ -355,7 +355,7 @@ confree(int s)
 {
 	close(s);
 	if (s >= maxfd || fdcon[s].c_status == CS_UNUSED)
-		fatal("confree: attempt to free bad fdno %d\n", s);
+		fatal("confree: attempt to free bad fdno %d", s);
 	free(fdcon[s].c_namebase);
 	free(fdcon[s].c_output_name);
 	if (fdcon[s].c_status == CS_KEYS)
@ -455,7 +455,7 @@ conread(int s)
 			return;
 			break;
 		default:
-			fatal("conread: invalid status %d\n", c->c_status);
+			fatal("conread: invalid status %d", c->c_status);
 			break;
 		}

@ -548,7 +548,7 @@ nexthost(int argc, char **argv)
 static void
 usage(void)
 {
-	fatal("usage: %s [-t timeout] { [--] host | -f file } ...\n", __progname);
+	fatal("usage: %s [-t timeout] { [--] host | -f file } ...", __progname);
 	return;
 }

@ -580,11 +580,11 @@ main(int argc, char **argv)

 	maxfd = fdlim_get(1);
 	if (maxfd < 0)
-		fatal("%s: fdlim_get: bad value\n", __progname);
+		fatal("%s: fdlim_get: bad value", __progname);
 	if (maxfd > MAXMAXFD)
 		maxfd = MAXMAXFD;
 	if (maxcon <= 0)
-		fatal("%s: not enough file descriptors\n", __progname);
+		fatal("%s: not enough file descriptors", __progname);
 	if (maxfd > fdlim_get(0))
 		fdlim_set(maxfd);
 	fdcon = xmalloc(maxfd * sizeof(con));