From 76e95daad1f38e0ba8e7bf0554cadd6e3aaf5235 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 7 Mar 2008 18:31:24 +1100 Subject: - djm@cvs.openbsd.org 2008/02/13 22:38:17 [servconf.h session.c sshd.c] rekey arc4random and OpenSSL RNG in postauth child closefrom fds > 2 before shell/command execution ok markus@ --- ChangeLog | 7 ++++++- servconf.h | 5 ++++- session.c | 9 +++++---- sshd.c | 13 +++++++++++-- 4 files changed, 26 insertions(+), 8 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2c53b309..341360d2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,11 @@ [ssh.1 sshd.8 sshd_config.5] bump Mdocdate for pages committed in "febuary", necessary because of a typo in rcs.c; + - djm@cvs.openbsd.org 2008/02/13 22:38:17 + [servconf.h session.c sshd.c] + rekey arc4random and OpenSSL RNG in postauth child + closefrom fds > 2 before shell/command execution + ok markus@ 20080302 - (dtucker) [configure.ac] FreeBSD's glob() doesn't behave the way we expect @@ -3664,4 +3669,4 @@ OpenServer 6 and add osr5bigcrypt support so when someone migrates passwords between UnixWare and OpenServer they will still work. OK dtucker@ -$Id: ChangeLog,v 1.4851 2008/03/07 07:27:58 djm Exp $ +$Id: ChangeLog,v 1.4852 2008/03/07 07:31:24 djm Exp $ diff --git a/servconf.h b/servconf.h index 81a68be8..5b88067d 100644 --- a/servconf.h +++ b/servconf.h @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.81 2008/02/08 23:24:08 djm Exp $ */ +/* $OpenBSD: servconf.h,v 1.82 2008/02/13 22:38:17 djm Exp $ */ /* * Author: Tatu Ylonen @@ -36,6 +36,9 @@ #define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */ +/* Magic name for internal sftp-server */ +#define INTERNAL_SFTP_NAME "internal-sftp" + typedef struct { u_int num_ports; u_int ports_from_cmdline; diff --git a/session.c b/session.c index 545e27fb..589a15a6 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.227 2008/02/10 10:54:29 djm Exp $ */ +/* $OpenBSD: session.c,v 1.228 2008/02/13 22:38:17 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -94,9 +94,6 @@ #include #endif -/* Magic name for internal sftp-server */ -#define INTERNAL_SFTP_NAME "internal-sftp" - /* func */ Session *session_new(void); @@ -491,6 +488,8 @@ do_exec_no_pty(Session *s, const char *command) cray_init_job(s->pw); /* set up cray jid and tmpdir */ #endif + closefrom(STDERR_FILENO + 1); + /* Do processing for the child (exec command etc). */ do_child(s, command); /* NOTREACHED */ @@ -611,6 +610,8 @@ do_exec_pty(Session *s, const char *command) # endif #endif + closefrom(STDERR_FILENO + 1); + /* Do common processing for the child, such as execing the command. */ do_child(s, command); /* NOTREACHED */ diff --git a/sshd.c b/sshd.c index 345ee431..2920b26c 100644 --- a/sshd.c +++ b/sshd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.354 2008/02/13 22:38:17 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -585,11 +585,12 @@ privsep_preauth_child(void) { u_int32_t rnd[256]; gid_t gidset[1]; - int i; + u_int i; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); + arc4random_stir(); for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); @@ -664,6 +665,9 @@ privsep_preauth(Authctxt *authctxt) static void privsep_postauth(Authctxt *authctxt) { + u_int32_t rnd[256]; + u_int i; + #ifdef DISABLE_FD_PASSING if (1) { #else @@ -695,6 +699,11 @@ privsep_postauth(Authctxt *authctxt) /* Demote the private keys to public keys. */ demote_sensitive_data(); + arc4random_stir(); + for (i = 0; i < 256; i++) + rnd[i] = arc4random(); + RAND_seed(rnd, sizeof(rnd)); + /* Drop privileges */ do_setusercontext(authctxt->pw); -- cgit v1.2.3