summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh/openssh-6.1p1/openssh-CVE-2011-4327.patch
diff options
context:
space:
mode:
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh-6.1p1/openssh-CVE-2011-4327.patch')
-rw-r--r--meta/recipes-connectivity/openssh/openssh-6.1p1/openssh-CVE-2011-4327.patch27
1 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh-6.1p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.1p1/openssh-CVE-2011-4327.patch
new file mode 100644
index 0000000000..8489edcc82
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.1p1/openssh-CVE-2011-4327.patch
@@ -0,0 +1,27 @@
1openssh-CVE-2011-4327
2
3A security flaw was found in the way ssh-keysign,
4a ssh helper program for host based authentication,
5attempted to retrieve enough entropy information on configurations that
6lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
7be executed to retrieve the entropy from the system environment).
8A local attacker could use this flaw to obtain unauthorized access to host keys
9via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
10
11https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
12http://www.openssh.com/txt/portable-keysign-rand-helper.adv
13
14Signed-off-by: Li Wang <li.wang@windriver.com>
15--- a/ssh-keysign.c
16+++ b/ssh-keysign.c
17@@ -170,6 +170,10 @@
18 key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
19 key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
20 key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
21+ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
22+ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
23+ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
24+ fatal("fcntl failed");
25
26 original_real_uid = getuid(); /* XXX readconf.c needs this */
27 if ((pw = getpwuid(original_real_uid)) == NULL)