From 3dfce5deaad60dc76c30ffe746439039e578a3d9 Mon Sep 17 00:00:00 2001 From: djm Date: Fri, 7 Mar 2008 07:31:24 +0000 Subject: [PATCH] - djm@cvs.openbsd.org 2008/02/13 22:38:17 [servconf.h session.c sshd.c] rekey arc4random and OpenSSL RNG in postauth child closefrom fds > 2 before shell/command execution ok markus@ --- ChangeLog | 5 +++++ servconf.h | 5 ++++- session.c | 9 +++++---- sshd.c | 13 +++++++++++-- 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 80304dfc..0a8a8c58 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,11 @@ [ssh.1 sshd.8 sshd_config.5] bump Mdocdate for pages committed in "febuary", necessary because of a typo in rcs.c; + - djm@cvs.openbsd.org 2008/02/13 22:38:17 + [servconf.h session.c sshd.c] + rekey arc4random and OpenSSL RNG in postauth child + closefrom fds > 2 before shell/command execution + ok markus@ 20080302 - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect diff --git a/servconf.h b/servconf.h index 81a68be8..5b88067d 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.81 2008/02/08 23:24:08 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.82 2008/02/13 22:38:17 djm Exp $ */ /* * Author: Tatu Ylonen @@ -36,6 +36,9 @@ #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ +/* Magic name for internal sftp-server */ +#define INTERNAL_SFTP_NAME "internal-sftp" + typedef struct { u_int num_ports; u_int ports_from_cmdline; diff --git a/session.c b/session.c index 545e27fb..589a15a6 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */ +/* $OpenBSD: session.c,v 1.228 2008/02/13 22:38:17 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -94,9 +94,6 @@ #include #endif -/* Magic name for internal sftp-server */ -#define INTERNAL_SFTP_NAME "internal-sftp" - /* func */ Session *session_new(void); @@ -491,6 +488,8 @@ do_exec_no_pty(Session *s, const char *command) cray_init_job(s->pw); /* set up cray jid and tmpdir */ #endif + closefrom(STDERR_FILENO + 1); + /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ @@ -611,6 +610,8 @@ do_exec_pty(Session *s, const char *command) # endif #endif + closefrom(STDERR_FILENO + 1); + /* Do common processing for the child, such as execing the command. */ do_child(s, command); /* NOTREACHED */ diff --git a/sshd.c b/sshd.c index 345ee431..2920b26c 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.354 2008/02/13 22:38:17 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -585,11 +585,12 @@ privsep_preauth_child(void) { u_int32_t rnd[256]; gid_t gidset[1]; - int i; + u_int i; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); + arc4random_stir(); for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); @@ -664,6 +665,9 @@ privsep_preauth(Authctxt *authctxt) static void privsep_postauth(Authctxt *authctxt) { + u_int32_t rnd[256]; + u_int i; + #ifdef DISABLE_FD_PASSING if (1) { #else @@ -695,6 +699,11 @@ privsep_postauth(Authctxt *authctxt) /* Demote the private keys to public keys. */ demote_sensitive_data(); + arc4random_stir(); + for (i = 0; i < 256; i++) + rnd[i] = arc4random(); + RAND_seed(rnd, sizeof(rnd)); + /* Drop privileges */ do_setusercontext(authctxt->pw); -- 2.45.2