On 10/01/2015 08:04 PM, John Johansen wrote:
> On 10/01/2015 06:26 PM, Seth Arnold wrote:
>> On Thu, Oct 01, 2015 at 08:32:36PM -0400, Simon Deziel wrote:
>>> I've opened [1] but I cannot set the importance to "wishlist".
>>>
>>> If someone can point me to the old patch I'd like to take a look and see
>>> if I can dust it off.
>>
>>> 1: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1501966
>>
>> I'm afraid it's going to take more than dusting; I can't find a copy of
>> the patches in the usual locations. Maybe someone's got an old openssh
>> src.rpm or svn or cvs tree laying around, but it might be faster to start
>> from scratch.
>>
> I don't have one either, my guess is it died when Novell pulled the
> plug on the old immunix cvs/svn
>
>
Ha! I was wrong, I did find a version of it and sftp too
It's old, against openssh 3.8, and I haven't really looked at it
--- openssh-3.8p1/auth.h.immunix 2004-02-21 15:22:05.000000000 -0800
+++ openssh-3.8p1/auth.h 2004-09-09 15:08:08.385513456 -0700
@@ -68,6 +68,9 @@
char *krb5_ticket_file;
#endif
void *methoddata;
+ /* Immunix */
+ unsigned int subdomain_token;
+ /* /Immunix */
};
/*
* Every authentication method has to handle authentication requests for
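Review bot: The new `subdomain_token` member is added with only the `/* Immunix */` marker, so nothing in the header says what it holds or which process is expected to clear it. The sshd.c and session.c hunks show it is the token handed to change_hat() and that the pre-auth child zeroes its own copy, which is worth stating on the field, e.g. `unsigned int subdomain_token; /* Immunix: change_hat() token; zeroed in the unprivileged pre-auth child */`. The enclosing struct starts outside the hunk.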
--- openssh-3.8p1/sshd.c.immunix 2004-09-09 15:08:08.351518624 -0700
+++ openssh-3.8p1/sshd.c 2004-09-09 15:46:45.455265312 -0700
@@ -92,6 +92,10 @@
int deny_severity = LOG_WARNING;
#endif /* LIBWRAP */
+/* IMMUNIX */
+#include <sys/immunix.h>
+/* /IMMUNIX */
+
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
@@ -597,6 +601,10 @@
gid_t gidset[1];
struct passwd *pw;
int i;
+ /* IMMUNIX */
+ int retval;
+ unsigned int magic_token = 0;
+ /* /IMMUNIX */
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
@@ -605,6 +613,18 @@
rnd[i] = arc4random();
RAND_seed(rnd, sizeof(rnd));
+ /* IMMUNIX */
+ debug2("about to enter pre-auth privsep");
+ /* privsep child should exit(), so don't need to change_hat back out. */
+ /* this means we can wipe the token from our memory */
+ retval = change_hat ("PRIVSEP", magic_token);
+ if (retval < 0) {
+ logit("change_hat into PRIVSEP failed: %s\n",
+ strerror(errno));
+ change_hat(NULL, magic_token); /* bleagh */
+ }
+ /* /IMMUNIX */
+
/* Demote the private keys to public keys. */
demote_sensitive_data();
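Review bot: When `change_hat("PRIVSEP", magic_token)` fails at the retval check, the child only logs, calls `change_hat(NULL, 0)` and keeps running the network-facing pre-auth code in whatever profile it already had, so a confinement failure degrades silently instead of stopping the child. The comment above already says this child is expected to exit rather than change back, so `fatal("change_hat into PRIVSEP failed: %s", strerror(errno));` is the safer outcome and removes the `/* bleagh */` fallback. The trailing `\n` in the logit() format is likely redundant, since OpenSSH's log routines supply the line terminator themselves. The enclosing function (privsep_preauth_child(), going by the later comment) starts and ends outside the hunk.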
@@ -670,6 +690,18 @@
close(pmonitor->m_sendfd);
+ /* IMMUNIX */
+ /* leave the monitor's hat */
+ debug2("leaving the monitors hat in privsep_preauth (pid %ld)",
+ pid);
+ if (change_hat (NULL, authctxt->subdomain_token) == -1)
+ logit("change_hat out of monitor's hat failed: %s\n",
+ strerror(errno));
+ /* wipe the monitor's token from child's memory */
+ authctxt->subdomain_token = 0;
+ /* privsep_preath_child will do a new change_hat */
+ /* IMMUNIX */
+
/* Demote the child */
if (getuid() == 0 || geteuid() == 0)
privsep_preauth_child();
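Review bot: The closing marker of this block reads `/* IMMUNIX */` where every other block in the patch closes with `/* /IMMUNIX */`, and the comment misspells the callee as `privsep_preath_child`. More substantively, if the change back out of the monitor's hat fails the child only logs and then proceeds into `privsep_preauth_child()`, which appears to attempt its own `change_hat("PRIVSEP", 0)` from inside the monitor's hat; `fatal()` here would keep that failure from being masked. The `== -1` test also differs from the `< 0` convention used at the other change_hat call sites. The enclosing privsep_preauth() starts and ends outside the hunk.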
@@ -870,6 +902,10 @@
Authctxt *authctxt;
int ret, key_used = 0;
char *port;
+ /* Immunix */
+ int retval;
+ unsigned int magic_token = 0;
+ /* /Immunix */
#ifdef HAVE_SECUREWARE
(void)set_auth_parameters(ac, av);
@@ -1484,6 +1520,15 @@
signal(SIGCHLD, SIG_DFL);
signal(SIGINT, SIG_DFL);
+ /* IMMUNIX */
+ magic_token = arc4random();
+ if (magic_token == 0)
+ logit("Unable to get random token for subdomain");
+
+ retval = change_hat ("PRIVSEP_MONITOR", magic_token);
+ if (retval < 0) change_hat(NULL, magic_token); /* XXX */
+ /* /IMMUNIX */
+
/* Set SO_KEEPALIVE if requested. */
if (options.tcp_keep_alive &&
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on,
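Review bot: A zero `magic_token` from arc4random() is logged but still used, and the patch itself treats a zero token as one-way (the pre-auth child passes 0 precisely because it never changes back), so the later `change_hat(NULL, magic_token)` calls in main() would have no way to leave the monitor's hat; draw until non-zero instead: `do magic_token = arc4random(); while (magic_token == 0);`. The `PRIVSEP_MONITOR` failure path at the `/* XXX */` line reverts silently, unlike the PRIVSEP and monitor-exit sites which at least logit(); `if (retval < 0) fatal("change_hat into PRIVSEP_MONITOR failed: %s", strerror(errno));` would be consistent and fail closed. main() starts and ends outside the hunk.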
@@ -1544,6 +1589,10 @@
/* XXX global for cleanup, access from other modules */
the_authctxt = authctxt;
+
+ /* Immunix - save subdomain token */
+ authctxt->subdomain_token = magic_token;
+ /* /Immunix */
if (use_privsep)
if (privsep_preauth(authctxt) == 1)
@@ -1568,17 +1617,34 @@
}
authenticated:
+ /* Immunix - save subdomain token. the preauth child monitor zeros
+ * it out */
+ authctxt->subdomain_token = magic_token;
+ /* /Immunix */
/*
* In privilege separation, we fork another child and prepare
* file descriptor passing.
*/
if (use_privsep) {
+ /* Immunix - clear sensitive data -- XXX only do it in the child */
+ /* magic_token = 0; */
+ /* /Immunix */
privsep_postauth(authctxt);
/* the monitor process [priv] will not return */
if (!compat20)
destroy_sensitive_data();
}
+ /* IMMUNIX */
+ /* leave the monitor's hat */
+ debug2("About to change_hat out of monitor into authenticated right before do_authenticated");
+ if (change_hat (NULL, magic_token) == -1)
+ logit("change_hat out of monitor's hat failed: %s\n",
+ strerror(errno));
+ retval = change_hat ("AUTHENTICATED", magic_token);
+ if (retval < 0) change_hat(NULL, magic_token); /* XXX */
+ /* /IMMUNIX */
+
/* Start session. */
do_authenticated(authctxt);
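Review bot: The `change_hat("AUTHENTICATED", magic_token)` failure just before do_authenticated() is reverted with a bare `change_hat(NULL, magic_token); /* XXX */` and no log, so the session continues in the parent profile with nothing recorded; at minimum logit() it like the other sites, and `fatal()` would fail closed. The commented-out `/* magic_token = 0; */` leaves the token in this process, and it cannot simply be cleared here because do_child() in session.c still reads `s->authctxt->subdomain_token`; that dependency is worth stating in the comment instead of an `XXX`. The re-save at `authenticated:` repeats the assignment made before privsep_preauth(), and a one-line comment on why both are needed (presumably the pre-auth child zeroes only its own copy after the fork) would help the next reader. main() starts and ends outside the hunk.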
--- openssh-3.8p1/session.c.immunix 2004-02-23 05:01:27.000000000 -0800
+++ openssh-3.8p1/session.c 2004-09-09 15:43:48.518163840 -0700
@@ -66,6 +66,10 @@
#include "ssh-gss.h"
#endif
+/* IMMUNIX */
+#include <sys/immunix.h>
+/* /IMMUNIX */
+
/* func */
Session *session_new(void);
@@ -1383,6 +1387,9 @@
char *argv[10];
const char *shell, *shell0, *hostname = NULL;
struct passwd *pw = s->pw;
+ /* Immunix */
+ int retval;
+ /* /Immunix */
/* remove hostkey from the child's memory */
destroy_sensitive_data();
@@ -1489,6 +1496,23 @@
#endif
}
+ /* IMMUNIX */
+ change_hat(NULL, s->authctxt->subdomain_token);
+
+ /* try to changehat to a user specific hat */
+ retval = change_hat(pw->pw_name, s->authctxt->subdomain_token);
+ if (retval >= 0) goto done_changehat;
+
+ /* try to change_hat to a default EXEC hat */
+ retval = change_hat("EXEC", s->authctxt->subdomain_token);
+ if (retval < 0) change_hat(NULL, s->authctxt->subdomain_token);
+
+ /* note: there is no need to undo the change_hat() because this
+ function does not return - ever. */
+ done_changehat:
+
+ /* /IMMUNIX */
+
if (!options.use_login)
do_rc_files(s, shell);
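Review bot: The first `change_hat(NULL, s->authctxt->subdomain_token)` has its return value dropped, and the final `if (retval < 0) change_hat(NULL, ...)` fallback records nothing, so a user who ends up with neither a per-user hat nor the `EXEC` hat is not logged anywhere; add `logit("change_hat to EXEC hat failed: %s", strerror(errno));` on that path to match sshd.c. Once the hat is chosen the token has no further use in this process, yet it stays readable at `s->authctxt->subdomain_token` for the rest of do_child(); clearing it after the label, `done_changehat: s->authctxt->subdomain_token = 0;`, follows the pattern the patch already uses in the pre-auth child (the `magic_token` copy on main()'s stack presumably survives the fork as well and would need the same treatment). do_child() starts and ends outside the hunk.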
--- openssh-3.8p1/Makefile.in.immunix 2004-02-17 19:35:11.000000000 -0800
+++ openssh-3.8p1/Makefile.in 2004-09-09 15:08:08.388513000 -0700
@@ -43,6 +43,7 @@
CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
+LIBS+=-limmunix
LIBPAM=@LIBPAM@
LIBWRAP=@LIBWRAP@
AR=@AR@
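Review bot: `LIBS+=-limmunix` is added unconditionally, so every build from this Makefile.in now requires libimmunix even on systems without the Immunix/AppArmor userspace, and the `#include <sys/immunix.h>` lines in sshd.c and session.c are likewise unguarded. A configure check that sets a define (e.g. `HAVE_IMMUNIX`, name constructed here) and appends the library only when found would keep the default build working; the C additions would then sit inside the matching `#ifdef`.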