summaryrefslogtreecommitdiffstats
path: root/meta/recipes-connectivity/openssh/openssh-6.4p1/openssh-CVE-2011-4327.patch
blob: 30c11cf43255308e3be21d98457476680ae569b3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
openssh-CVE-2011-4327

A security flaw was found in the way ssh-keysign,
a ssh helper program for host based authentication,
attempted to retrieve enough entropy information on configurations that
lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
be executed to retrieve the entropy from the system environment).
A local attacker could use this flaw to obtain unauthorized access to host keys
via ptrace(2) process trace attached to the 'ssh-rand-helper' program.

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
http://www.openssh.com/txt/portable-keysign-rand-helper.adv

Upstream-Status: Pending

Signed-off-by: Li Wang <li.wang@windriver.com>
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -170,6 +170,10 @@
 	key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
 	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
 	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
+	if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
+	    fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
+	    fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
+		fatal("fcntl failed");
 
 	original_real_uid = getuid();	/* XXX readconf.c needs this */
 	if ((pw = getpwuid(original_real_uid)) == NULL)