mirror of
https://github.com/openwrt/openwrt.git
synced 2025-01-01 11:36:49 +00:00
b5cde26048
critical fixes:
- libtommath: possible integer overflow (CVE-2023-36328)
- implement Strict KEX mode (CVE-2023-48795)

various fixes:
- fix DROPBEAR_DSS and DROPBEAR_RSA config options
- y2038 issues
- remove SO_LINGER socket option
- make banner reading failure non-fatal
- fix "noremotetcp" behavior
- don't try to shutdown a pty
- fix test for multiuser kernels

adds new features:
- option to bind to interface
- allow inetd with non-syslog
- ignore unsupported command line options with dropbearkey

Signed-off-by: Konstantin Demin <rockdrilla@gmail.com>
25 lines
884 B
Diff
From 860721558837441ab45019858e710a2625ffa46e Mon Sep 17 00:00:00 2001
From: Matt Johnston <matt@ucc.asn.au>
Date: Wed, 7 Dec 2022 13:04:10 +0800
Subject: Allow users's own gid in pty permission check
This allows non-root Dropbear to work even without devpts gid=5 mount
option on Linux.
---
sshpty.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/sshpty.c
+++ b/sshpty.c
@@ -380,7 +380,9 @@ pty_setowner(struct passwd *pw, const ch
tty_name, strerror(errno));
}
- if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+ /* Allow either "tty" gid or user's own gid. On Linux with openpty()
+ * this varies depending on the devpts mount options */
+ if (st.st_uid != pw->pw_uid || !(st.st_gid == gid || st.st_gid == pw->pw_gid)) {
if (chown(tty_name, pw->pw_uid, gid) < 0) {
if (errno == EROFS &&
(st.st_uid == pw->pw_uid || st.st_uid == 0)) {
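
Review bot: the new `st.st_gid == pw->pw_gid` alternative in the `if` skips the `chown(tty_name, pw->pw_uid, gid)` below it, so the pty keeps the user's primary group instead of being moved to the "tty" gid, and the added comment does not say what that means for the group permission bits. Where `pw->pw_gid` is a group shared by several accounts rather than a per-user group, any group access bit on the device would then apply to every member of that group. The mode handling is not visible in this hunk, so please confirm that the mode applied later in pty_setowner() grants no group access when `st.st_gid == pw->pw_gid`, and extend the comment to state that this case was considered.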