|Summary:||ssh fails if uid == 0 and gid != 0|
|Product:||Red Hat Enterprise Linux 4||Reporter:||Charlie Brady <charlieb-redhat-bugzilla>|
|Component:||openssh||Assignee:||Tomas Mraz <tmraz>|
|Status:||CLOSED ERRATA||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||RHSA-2005:527||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2005-10-24 07:33:31 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Charlie Brady 2005-07-11 19:56:30 UTC
Description of problem: ssh fails if it is executed when uid is root and gid is non-root: [root@test7 ~]# newgrp admin [root@test7 ~]# id uid=0(root) gid=101(admin) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel) [root@test7 ~]# ssh localhost permanently_set_uid: was able to restore old [e]gid [root@test7 ~]# Version-Release number of selected component (if applicable): [root@test7 ~]# rpm -q openssh openssh-3.9p1-8.RHEL4.4 [root@test7 ~]# How reproducible: 100% Additional info: This is fixed in openssh-4.1. This patch should fix it: --- uidswap.c.orig Mon Jul 11 15:31:49 2005 +++ uidswap.c Mon Jul 11 15:33:52 2005 @@ -200,8 +200,8 @@ fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #endif - /* Try restoration of GID if changed (test clearing of saved gid) */ - if (old_gid != pw->pw_gid && + /* Try restoration of GID if changed and running non-root (test clearing of saved gid) */ + if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) fatal("%s: was able to restore old [e]gid", __func__);
Comment 1 Charlie Brady 2005-07-11 20:01:43 UTC
> This patch should fix it: Yep, it does.
Comment 2 Tomas Mraz 2005-07-11 20:55:45 UTC
Known bug. Fix is already accepted.
Comment 3 Charlie Brady 2005-07-11 20:59:58 UTC
> Known bug. If it's known, please provide a reference. The bug seems to be unknown to RH's bugzilla.
Comment 4 Tomas Mraz 2005-07-11 21:21:34 UTC
It was reported internally so the bug report isn't visible. I'm sorry if you took my answer as discouraging you from reporting the bug - it wasn't meant so. I just wanted to state that the fix is already in works.
Comment 5 Charlie Brady 2005-07-11 21:25:34 UTC
> I just wanted to state that the fix is already in works. Cool. I'm curious as to why your internal bug reports (when not security sensite, at least) aren't visible in Bugzilla.