From 4135915279b9f70147bd39c9feb382170c410947 Mon Sep 17 00:00:00 2001 From: Felix Fietkau Date: Tue, 13 Dec 2005 19:15:43 +0000 Subject: update dropbear to 0.47 (adds keyboard-interactive auth, fixes a potential security issue, fixes #59) git-svn-id: svn://svn.openwrt.org/openwrt/trunk/openwrt@2660 3c298f89-4303-0410-b956-a3cf2f4a3e73 --- package/dropbear/Config.in | 5 +- package/dropbear/Makefile | 4 +- package/dropbear/patches/100-pubkey_path.patch | 89 ++++++++++++++++++++++ package/dropbear/patches/110-change_user.patch | 19 +++++ package/dropbear/patches/120-hostkey_prompt.patch | 12 +++ package/dropbear/patches/130-scp_argument.patch | 16 ++++ package/dropbear/patches/140-use_dev_urandom.patch | 12 +++ package/dropbear/patches/authpubkey.patch | 73 ------------------ package/dropbear/patches/change-user.patch | 19 ----- package/dropbear/patches/hostkey-prompt.patch | 12 --- package/dropbear/patches/scp-argument-fix.patch | 16 ---- package/dropbear/patches/use-dev-urandom.patch | 12 --- 12 files changed, 152 insertions(+), 137 deletions(-) create mode 100644 package/dropbear/patches/100-pubkey_path.patch create mode 100644 package/dropbear/patches/110-change_user.patch create mode 100644 package/dropbear/patches/120-hostkey_prompt.patch create mode 100644 package/dropbear/patches/130-scp_argument.patch create mode 100644 package/dropbear/patches/140-use_dev_urandom.patch delete mode 100644 package/dropbear/patches/authpubkey.patch delete mode 100644 package/dropbear/patches/change-user.patch delete mode 100644 package/dropbear/patches/hostkey-prompt.patch delete mode 100644 package/dropbear/patches/scp-argument-fix.patch delete mode 100644 package/dropbear/patches/use-dev-urandom.patch (limited to 'package/dropbear') diff --git a/package/dropbear/Config.in b/package/dropbear/Config.in index 0c4b2f4527..54d7284eed 100644 --- a/package/dropbear/Config.in +++ b/package/dropbear/Config.in @@ -1,10 +1,9 @@ config BR2_PACKAGE_DROPBEAR - prompt "dropbear.......................... Small SSH 2 client/server" - tristate + tristate "dropbear - Small SSH 2 client/server" default y select BR2_PACKAGE_ZLIB help A small SSH 2 server/client designed for small memory environments. http://matt.ucc.asn.au/dropbear/ - + diff --git a/package/dropbear/Makefile b/package/dropbear/Makefile index e7144a60df..36548877db 100644 --- a/package/dropbear/Makefile +++ b/package/dropbear/Makefile @@ -3,9 +3,9 @@ include $(TOPDIR)/rules.mk PKG_NAME:=dropbear -PKG_VERSION:=0.46 +PKG_VERSION:=0.47 PKG_RELEASE:=1 -PKG_MD5SUM:=f0e535a62b57e5bde9ecba4a11402178 +PKG_MD5SUM:=cf634614d52278d44dfd9c224a438bf2 PKG_SOURCE_URL:=http://matt.ucc.asn.au/dropbear/releases/ PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 diff --git a/package/dropbear/patches/100-pubkey_path.patch b/package/dropbear/patches/100-pubkey_path.patch new file mode 100644 index 0000000000..4adda38b2b --- /dev/null +++ b/package/dropbear/patches/100-pubkey_path.patch @@ -0,0 +1,89 @@ +diff -urN dropbear.old/svr-authpubkey.c dropbear.dev/svr-authpubkey.c +--- dropbear.old/svr-authpubkey.c 2005-12-09 06:42:33.000000000 +0100 ++++ dropbear.dev/svr-authpubkey.c 2005-12-12 01:35:32.139358750 +0100 +@@ -155,7 +155,6 @@ + unsigned char* keyblob, unsigned int keybloblen) { + + FILE * authfile = NULL; +- char * filename = NULL; + int ret = DROPBEAR_FAILURE; + buffer * line = NULL; + unsigned int len, pos; +@@ -176,17 +175,8 @@ + goto out; + } + +- /* we don't need to check pw and pw_dir for validity, since +- * its been done in checkpubkeyperms. */ +- len = strlen(ses.authstate.pw->pw_dir); +- /* allocate max required pathname storage, +- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +- filename = m_malloc(len + 22); +- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", +- ses.authstate.pw->pw_dir); +- + /* open the file */ +- authfile = fopen(filename, "r"); ++ authfile = fopen("/etc/dropbear/authorized_keys", "r"); + if (authfile == NULL) { + goto out; + } +@@ -247,7 +237,6 @@ + if (line) { + buf_free(line); + } +- m_free(filename); + TRACE(("leave checkpubkey: ret=%d", ret)) + return ret; + } +@@ -255,12 +244,11 @@ + + /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok, + * DROPBEAR_FAILURE otherwise. +- * Checks that the user's homedir, ~/.ssh, and +- * ~/.ssh/authorized_keys are all owned by either root or the user, and are ++ * Checks that /etc/dropbear and /etc/dropbear/authorized_keys ++ * are all owned by either root or the user, and are + * g-w, o-w */ + static int checkpubkeyperms() { + +- char* filename = NULL; + int ret = DROPBEAR_FAILURE; + unsigned int len; + +@@ -274,25 +262,11 @@ + goto out; + } + +- /* allocate max required pathname storage, +- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ +- filename = m_malloc(len + 22); +- strncpy(filename, ses.authstate.pw->pw_dir, len+1); +- +- /* check ~ */ +- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { +- goto out; +- } +- +- /* check ~/.ssh */ +- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ +- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++ if (checkfileperm("/etc/dropbear") != DROPBEAR_SUCCESS) { + goto out; + } + +- /* now check ~/.ssh/authorized_keys */ +- strncat(filename, "/authorized_keys", 16); +- if (checkfileperm(filename) != DROPBEAR_SUCCESS) { ++ if (checkfileperm("/etc/dropbear/authorized_keys") != DROPBEAR_SUCCESS) { + goto out; + } + +@@ -300,7 +274,6 @@ + ret = DROPBEAR_SUCCESS; + + out: +- m_free(filename); + + TRACE(("leave checkpubkeyperms")) + return ret; diff --git a/package/dropbear/patches/110-change_user.patch b/package/dropbear/patches/110-change_user.patch new file mode 100644 index 0000000000..ac617e2806 --- /dev/null +++ b/package/dropbear/patches/110-change_user.patch @@ -0,0 +1,19 @@ +diff -urN dropbear.old/svr-chansession.c dropbear.dev/svr-chansession.c +--- dropbear.old/svr-chansession.c 2005-12-09 06:42:33.000000000 +0100 ++++ dropbear.dev/svr-chansession.c 2005-12-12 01:42:38.982034750 +0100 +@@ -860,12 +860,12 @@ + /* We can only change uid/gid as root ... */ + if (getuid() == 0) { + +- if ((setgid(ses.authstate.pw->pw_gid) < 0) || ++ if ((ses.authstate.pw->pw_gid != 0) && ((setgid(ses.authstate.pw->pw_gid) < 0) || + (initgroups(ses.authstate.pw->pw_name, +- ses.authstate.pw->pw_gid) < 0)) { ++ ses.authstate.pw->pw_gid) < 0))) { + dropbear_exit("error changing user group"); + } +- if (setuid(ses.authstate.pw->pw_uid) < 0) { ++ if ((ses.authstate.pw->pw_uid != 0) && (setuid(ses.authstate.pw->pw_uid) < 0)) { + dropbear_exit("error changing user"); + } + } else { diff --git a/package/dropbear/patches/120-hostkey_prompt.patch b/package/dropbear/patches/120-hostkey_prompt.patch new file mode 100644 index 0000000000..59639e7b97 --- /dev/null +++ b/package/dropbear/patches/120-hostkey_prompt.patch @@ -0,0 +1,12 @@ +diff -urN dropbear-0.45.old/cli-kex.c dropbear-0.45/cli-kex.c +--- dropbear-0.45.old/cli-kex.c 2005-03-07 05:27:01.000000000 +0100 ++++ dropbear-0.45/cli-kex.c 2005-03-25 11:13:57.000000000 +0100 +@@ -119,7 +119,7 @@ + char response = 'z'; + + fp = sign_key_fingerprint(keyblob, keybloblen); +- fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", ++ fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n) ", + cli_opts.remotehost, + fp); + diff --git a/package/dropbear/patches/130-scp_argument.patch b/package/dropbear/patches/130-scp_argument.patch new file mode 100644 index 0000000000..befba5d395 --- /dev/null +++ b/package/dropbear/patches/130-scp_argument.patch @@ -0,0 +1,16 @@ +diff -urN dropbear-0.45.old/scp.c dropbear-0.45/scp.c +--- dropbear-0.45.old/scp.c 2005-03-07 05:27:02.000000000 +0100 ++++ dropbear-0.45/scp.c 2005-03-25 11:28:22.000000000 +0100 +@@ -249,9 +249,9 @@ + + args.list = NULL; + addargs(&args, "ssh"); /* overwritten with ssh_program */ +- addargs(&args, "-x"); +- addargs(&args, "-oForwardAgent no"); +- addargs(&args, "-oClearAllForwardings yes"); ++// addargs(&args, "-x"); ++// addargs(&args, "-oForwardAgent no"); ++// addargs(&args, "-oClearAllForwardings yes"); + + fflag = tflag = 0; + while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) diff --git a/package/dropbear/patches/140-use_dev_urandom.patch b/package/dropbear/patches/140-use_dev_urandom.patch new file mode 100644 index 0000000000..e1424f59a3 --- /dev/null +++ b/package/dropbear/patches/140-use_dev_urandom.patch @@ -0,0 +1,12 @@ +diff -urN dropbear-0.45.old/options.h dropbear-0.45/options.h +--- dropbear-0.45.old/options.h 2005-03-14 17:12:22.000000000 +0100 ++++ dropbear-0.45/options.h 2005-03-14 17:13:49.000000000 +0100 +@@ -143,7 +143,7 @@ + * however significantly reduce the security of your ssh connections + * if the PRNG state becomes guessable - make sure you know what you are + * doing if you change this. */ +-#define DROPBEAR_RANDOM_DEV "/dev/random" ++#define DROPBEAR_RANDOM_DEV "/dev/urandom" + + /* prngd must be manually set up to produce output */ + /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ diff --git a/package/dropbear/patches/authpubkey.patch b/package/dropbear/patches/authpubkey.patch deleted file mode 100644 index 07beefe714..0000000000 --- a/package/dropbear/patches/authpubkey.patch +++ /dev/null @@ -1,73 +0,0 @@ ---- dropbear-0.45.old/svr-authpubkey.c 2005-09-27 12:45:20.863639072 +0200 -+++ dropbear-0.45/svr-authpubkey.c 2005-09-27 13:15:09.066790872 +0200 -@@ -176,14 +176,10 @@ - goto out; - } - -- /* we don't need to check pw and pw_dir for validity, since -- * its been done in checkpubkeyperms. */ -- len = strlen(ses.authstate.pw->pw_dir); - /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- filename = m_malloc(len + 22); -- snprintf(filename, len + 22, "%s/.ssh/authorized_keys", -- ses.authstate.pw->pw_dir); -+ * = "/etc/dropbear/authorized_keys" + '\0' = 30 */ -+ filename = m_malloc(30); -+ strncpy(filename, "/etc/dropbear/authorized_keys", 30); - - /* open the file */ - authfile = fopen(filename, "r"); -@@ -255,43 +251,33 @@ - - /* Returns DROPBEAR_SUCCESS if file permissions for pubkeys are ok, - * DROPBEAR_FAILURE otherwise. -- * Checks that the user's homedir, ~/.ssh, and -- * ~/.ssh/authorized_keys are all owned by either root or the user, and are -+ * Checks that /etc, /etc/dropbear and /etc/dropbear/authorized_keys -+ * are all owned by either root or the user, and are - * g-w, o-w */ - static int checkpubkeyperms() { - - char* filename = NULL; - int ret = DROPBEAR_FAILURE; -- unsigned int len; - - TRACE(("enter checkpubkeyperms")) - -- assert(ses.authstate.pw); -- if (ses.authstate.pw->pw_dir == NULL) { -- goto out; -- } -- -- if ((len = strlen(ses.authstate.pw->pw_dir)) == 0) { -- goto out; -- } -- - /* allocate max required pathname storage, -- * = path + "/.ssh/authorized_keys" + '\0' = pathlen + 22 */ -- filename = m_malloc(len + 22); -- strncpy(filename, ses.authstate.pw->pw_dir, len+1); -+ * = "/etc/dropbear/authorized_keys" + '\0' = 30 */ -+ filename = m_malloc(30); -+ strncpy(filename, "/etc", 4); /* strlen("/etc") == 4 */ - -- /* check ~ */ -+ /* check /etc */ - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; - } - -- /* check ~/.ssh */ -- strncat(filename, "/.ssh", 5); /* strlen("/.ssh") == 5 */ -+ /* check /etc/dropbear */ -+ strncat(filename, "/dropbear", 9); /* strlen("/dropbear") == 9 */ - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; - } - -- /* now check ~/.ssh/authorized_keys */ -+ /* now check /etc/dropbear/authorized_keys */ - strncat(filename, "/authorized_keys", 16); - if (checkfileperm(filename) != DROPBEAR_SUCCESS) { - goto out; diff --git a/package/dropbear/patches/change-user.patch b/package/dropbear/patches/change-user.patch deleted file mode 100644 index 5ab4a56899..0000000000 --- a/package/dropbear/patches/change-user.patch +++ /dev/null @@ -1,19 +0,0 @@ -diff -ruN dropbear-0.46-old/svr-chansession.c dropbear-0.46-new/svr-chansession.c ---- dropbear-0.46-old/svr-chansession.c 2005-07-08 21:20:59.000000000 +0200 -+++ dropbear-0.46-new/svr-chansession.c 2005-07-12 01:39:12.000000000 +0200 -@@ -860,12 +860,12 @@ - /* We can only change uid/gid as root ... */ - if (getuid() == 0) { - -- if ((setgid(ses.authstate.pw->pw_gid) < 0) || -+ if ((ses.authstate.pw->pw_gid != 0) && ((setgid(ses.authstate.pw->pw_gid) < 0) || - (initgroups(ses.authstate.pw->pw_name, -- ses.authstate.pw->pw_gid) < 0)) { -+ ses.authstate.pw->pw_gid) < 0))) { - dropbear_exit("error changing user group"); - } -- if (setuid(ses.authstate.pw->pw_uid) < 0) { -+ if ((ses.authstate.pw->pw_uid != 0) && (setuid(ses.authstate.pw->pw_uid) < 0)) { - dropbear_exit("error changing user"); - } - } else { diff --git a/package/dropbear/patches/hostkey-prompt.patch b/package/dropbear/patches/hostkey-prompt.patch deleted file mode 100644 index 59639e7b97..0000000000 --- a/package/dropbear/patches/hostkey-prompt.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urN dropbear-0.45.old/cli-kex.c dropbear-0.45/cli-kex.c ---- dropbear-0.45.old/cli-kex.c 2005-03-07 05:27:01.000000000 +0100 -+++ dropbear-0.45/cli-kex.c 2005-03-25 11:13:57.000000000 +0100 -@@ -119,7 +119,7 @@ - char response = 'z'; - - fp = sign_key_fingerprint(keyblob, keybloblen); -- fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n)\n", -+ fprintf(stderr, "\nHost '%s' is not in the trusted hosts file.\n(fingerprint %s)\nDo you want to continue connecting? (y/n) ", - cli_opts.remotehost, - fp); - diff --git a/package/dropbear/patches/scp-argument-fix.patch b/package/dropbear/patches/scp-argument-fix.patch deleted file mode 100644 index befba5d395..0000000000 --- a/package/dropbear/patches/scp-argument-fix.patch +++ /dev/null @@ -1,16 +0,0 @@ -diff -urN dropbear-0.45.old/scp.c dropbear-0.45/scp.c ---- dropbear-0.45.old/scp.c 2005-03-07 05:27:02.000000000 +0100 -+++ dropbear-0.45/scp.c 2005-03-25 11:28:22.000000000 +0100 -@@ -249,9 +249,9 @@ - - args.list = NULL; - addargs(&args, "ssh"); /* overwritten with ssh_program */ -- addargs(&args, "-x"); -- addargs(&args, "-oForwardAgent no"); -- addargs(&args, "-oClearAllForwardings yes"); -+// addargs(&args, "-x"); -+// addargs(&args, "-oForwardAgent no"); -+// addargs(&args, "-oClearAllForwardings yes"); - - fflag = tflag = 0; - while ((ch = getopt(argc, argv, "dfl:prtvBCc:i:P:q1246S:o:F:")) != -1) diff --git a/package/dropbear/patches/use-dev-urandom.patch b/package/dropbear/patches/use-dev-urandom.patch deleted file mode 100644 index e1424f59a3..0000000000 --- a/package/dropbear/patches/use-dev-urandom.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -urN dropbear-0.45.old/options.h dropbear-0.45/options.h ---- dropbear-0.45.old/options.h 2005-03-14 17:12:22.000000000 +0100 -+++ dropbear-0.45/options.h 2005-03-14 17:13:49.000000000 +0100 -@@ -143,7 +143,7 @@ - * however significantly reduce the security of your ssh connections - * if the PRNG state becomes guessable - make sure you know what you are - * doing if you change this. */ --#define DROPBEAR_RANDOM_DEV "/dev/random" -+#define DROPBEAR_RANDOM_DEV "/dev/urandom" - - /* prngd must be manually set up to produce output */ - /*#define DROPBEAR_PRNGD_SOCKET "/var/run/dropbear-rng"*/ -- cgit v1.2.3