summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh
diff options
context:
space:
mode:
authorJussi Kukkonen <jussi.kukkonen@intel.com>2016-05-18 15:11:56 +0300
committerRichard Purdie <richard.purdie@linuxfoundation.org>2016-05-19 09:05:19 +0100
commit90cb500a7ffb54940c6eedfba38e7a4f97267702 (patch)
treec4e95973b29757deec2eef43561853d95e4813b3 /meta/recipes-connectivity/openssh
parent4d72f506311b81653df703e00c370155e6870cd8 (diff)
downloadpoky-90cb500a7ffb54940c6eedfba38e7a4f97267702.tar.gz
openssh: Backport fix for CVE-2015-8325
PAM environment vars must be ignored when UseLogin=yes (From OE-Core rev: 0a06be81cb650def54a4c2059bd728c75954306f) Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-connectivity/openssh')
-rw-r--r--meta/recipes-connectivity/openssh/openssh/CVE-2015-8325.patch39
-rw-r--r--meta/recipes-connectivity/openssh/openssh_7.2p2.bb1
2 files changed, 40 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-8325.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-8325.patch
new file mode 100644
index 0000000000..226389718d
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-8325.patch
@@ -0,0 +1,39 @@
1From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
2From: Damien Miller <djm@mindrot.org>
3Date: Wed, 13 Apr 2016 10:39:57 +1000
4Subject: ignore PAM environment vars when UseLogin=yes
5
6If PAM is configured to read user-specified environment variables
7and UseLogin=yes in sshd_config, then a hostile local user may
8attack /bin/login via LD_PRELOAD or similar environment variables
9set via PAM.
10
11CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
12
13
14
15https://anongit.mindrot.org/openssh.git/commit/session.c?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
16
17CVE: CVE-2015-8325
18Upstream-Status: Backport
19Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
20---
21 session.c | 2 +-
22 1 file changed, 1 insertion(+), 1 deletion(-)
23
24diff --git a/session.c b/session.c
25index 4859245..4653b09 100644
26--- a/session.c
27+++ b/session.c
28@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
29 * Pull in any environment variables that may have
30 * been set by PAM.
31 */
32- if (options.use_pam) {
33+ if (options.use_pam && !options.use_login) {
34 char **p;
35
36 p = fetch_pam_child_environment();
37--
38cgit v0.11.2
39
diff --git a/meta/recipes-connectivity/openssh/openssh_7.2p2.bb b/meta/recipes-connectivity/openssh/openssh_7.2p2.bb
index 173f80a2af..7e047168dc 100644
--- a/meta/recipes-connectivity/openssh/openssh_7.2p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_7.2p2.bb
@@ -21,6 +21,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
21 file://volatiles.99_sshd \ 21 file://volatiles.99_sshd \
22 file://add-test-support-for-busybox.patch \ 22 file://add-test-support-for-busybox.patch \
23 file://run-ptest \ 23 file://run-ptest \
24 file://CVE-2015-8325.patch \
24 " 25 "
25 26
26PAM_SRC_URI = "file://sshd" 27PAM_SRC_URI = "file://sshd"