diff options
Diffstat (limited to 'meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch | 35 |
1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch new file mode 100644 index 0000000000..42667b05a0 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch | |||
@@ -0,0 +1,35 @@ | |||
1 | CVE-2015-6565 openssh: Incorrectly set TTYs to be world-writable | ||
2 | |||
3 | fix pty permissions; patch from Nikolay Edigaryev; ok deraadt | ||
4 | |||
5 | Upstream-Status: Backport | ||
6 | |||
7 | merged two changes into one. | ||
8 | [1] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2 | ||
9 | tighten permissions on pty when the "tty" group does not exist; pointed out by Corinna Vinschen; ok markus | ||
10 | |||
11 | [2] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=6f941396b6835ad18018845f515b0c4fe20be21a | ||
12 | fix pty permissions; patch from Nikolay Edigaryev; ok deraadt | ||
13 | |||
14 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
15 | |||
16 | Index: openssh-6.7p1/sshpty.c | ||
17 | =================================================================== | ||
18 | --- openssh-6.7p1.orig/sshpty.c | ||
19 | +++ openssh-6.7p1/sshpty.c | ||
20 | @@ -196,13 +196,8 @@ pty_setowner(struct passwd *pw, const ch | ||
21 | |||
22 | /* Determine the group to make the owner of the tty. */ | ||
23 | grp = getgrnam("tty"); | ||
24 | - if (grp) { | ||
25 | - gid = grp->gr_gid; | ||
26 | - mode = S_IRUSR | S_IWUSR | S_IWGRP; | ||
27 | - } else { | ||
28 | - gid = pw->pw_gid; | ||
29 | - mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH; | ||
30 | - } | ||
31 | + gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid; | ||
32 | + mode = (grp != NULL) ? 0620 : 0600; | ||
33 | |||
34 | /* | ||
35 | * Change owner and mode of the tty as required. | ||