diff options
Diffstat (limited to 'package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch')
| -rw-r--r-- | package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch b/package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch new file mode 100644 index 00000000000..bcb43aed2ae --- /dev/null +++ b/package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch @@ -0,0 +1,24 @@ +From 860721558837441ab45019858e710a2625ffa46e Mon Sep 17 00:00:00 2001 +From: Matt Johnston <matt@ucc.asn.au> +Date: Wed, 7 Dec 2022 13:04:10 +0800 +Subject: Allow users's own gid in pty permission check + +This allows non-root Dropbear to work even without devpts gid=5 mount +option on Linux. +--- + sshpty.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/sshpty.c ++++ b/sshpty.c +@@ -380,7 +380,9 @@ pty_setowner(struct passwd *pw, const ch + tty_name, strerror(errno)); + } + +- if (st.st_uid != pw->pw_uid || st.st_gid != gid) { ++ /* Allow either "tty" gid or user's own gid. On Linux with openpty() ++ * this varies depending on the devpts mount options */ ++ if (st.st_uid != pw->pw_uid || !(st.st_gid == gid || st.st_gid == pw->pw_gid)) { + if (chown(tty_name, pw->pw_uid, gid) < 0) { + if (errno == EROFS && + (st.st_uid == pw->pw_uid || st.st_uid == 0)) { |