summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
l---------data/openssh/_metadata/maintainer2
-rw-r--r--data/openssh/_metadata/version2
-rw-r--r--data/openssh/com.openssh.sshd.plist5
-rw-r--r--data/openssh/duplicate.diff34
-rw-r--r--data/openssh/openssh-6.7p1.tar.gzbin1351367 -> 0 bytes
-rw-r--r--data/openssh/openssh-7.7p1.tar.gzbin0 -> 1536900 bytes
-rw-r--r--data/openssh/privsep.diff224
-rw-r--r--data/openssh/sshd_config4
8 files changed, 242 insertions, 29 deletions
diff --git a/data/openssh/_metadata/maintainer b/data/openssh/_metadata/maintainer
index 0fa66e077..573d7ebef 120000
--- a/data/openssh/_metadata/maintainer
+++ b/data/openssh/_metadata/maintainer
@@ -1 +1 @@
-../../../people/saurik \ No newline at end of file
+../../../people/sbingner \ No newline at end of file
diff --git a/data/openssh/_metadata/version b/data/openssh/_metadata/version
index 2ce383e8c..d4461db47 100644
--- a/data/openssh/_metadata/version
+++ b/data/openssh/_metadata/version
@@ -1 +1 @@
-6.7p1
+7.7p1
diff --git a/data/openssh/com.openssh.sshd.plist b/data/openssh/com.openssh.sshd.plist
index d9c86d972..5190d018d 100644
--- a/data/openssh/com.openssh.sshd.plist
+++ b/data/openssh/com.openssh.sshd.plist
@@ -7,11 +7,12 @@
<string>com.openssh.sshd</string>
<key>Program</key>
- <string>/usr/libexec/sshd-keygen-wrapper</string>
+ <string>/bin/sh</string>
<key>ProgramArguments</key>
<array>
- <string>/usr/sbin/sshd</string>
+ <string>/bin/sh</string>
+ <string>/usr/libexec/sshd-keygen-wrapper</string>
<string>-i</string>
</array>
diff --git a/data/openssh/duplicate.diff b/data/openssh/duplicate.diff
index 6482334ac..108caf046 100644
--- a/data/openssh/duplicate.diff
+++ b/data/openssh/duplicate.diff
@@ -1,24 +1,12 @@
-diff -ru openssh-6.7p1/ge25519.h openssh-6.7p1+iPhone/ge25519.h
---- openssh-6.7p1/ge25519.h 2013-12-18 06:48:11.000000000 +0000
-+++ openssh-6.7p1+iPhone/ge25519.h 2014-12-03 07:58:12.000000000 +0000
-@@ -28,7 +28,7 @@
- fe25519 t;
- } ge25519;
+diff -ur openssh-7.7p1/session.c openssh-7.7p1+iPhone/session.c
+--- openssh-7.7p1/session.c 2018-04-01 19:38:28.000000000 -1000
++++ openssh-7.7p1+iPhone/session.c 2018-07-24 12:09:29.000000000 -1000
+@@ -141,7 +141,7 @@
+ extern void destroy_sensitive_data(void);
+ extern Buffer loginmsg;
+ extern struct sshauthopt *auth_opts;
+-char *tun_fwd_ifnames; /* serverloop.c */
++extern char *tun_fwd_ifnames; /* serverloop.c */
--const ge25519 ge25519_base;
-+extern const ge25519 ge25519_base;
-
- int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
-
-diff -ru openssh-6.7p1/umac.c openssh-6.7p1+iPhone/umac.c
---- openssh-6.7p1/umac.c 2014-07-22 23:43:42.000000000 +0000
-+++ openssh-6.7p1+iPhone/umac.c 2014-12-02 23:50:38.000000000 +0000
-@@ -1175,7 +1175,7 @@
- * time. The all-at-once is more optimaized than the sequential version and
- * should be preferred when the sequential interface is not required.
- */
--struct umac_ctx {
-+typedef struct umac_ctx {
- uhash_ctx hash; /* Hash function for message compression */
- pdf_ctx pdf; /* PDF for hashed output */
- void *free_ptr; /* Address to free this struct via */
+ /* original command from peer. */
+ const char *original_command = NULL;
diff --git a/data/openssh/openssh-6.7p1.tar.gz b/data/openssh/openssh-6.7p1.tar.gz
deleted file mode 100644
index b23e9969a..000000000
--- a/data/openssh/openssh-6.7p1.tar.gz
+++ /dev/null
Binary files differ
diff --git a/data/openssh/openssh-7.7p1.tar.gz b/data/openssh/openssh-7.7p1.tar.gz
new file mode 100644
index 000000000..776707ee5
--- /dev/null
+++ b/data/openssh/openssh-7.7p1.tar.gz
Binary files differ
diff --git a/data/openssh/privsep.diff b/data/openssh/privsep.diff
new file mode 100644
index 000000000..2f53b4da3
--- /dev/null
+++ b/data/openssh/privsep.diff
@@ -0,0 +1,224 @@
+diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
+index db6aaa08..d934d09b 100644
+--- a/contrib/cygwin/ssh-host-config
++++ b/contrib/cygwin/ssh-host-config
+@@ -63,6 +63,7 @@ sshd_config_configured=no
+ port_number=22
+ service_name=sshd
+ strictmodes=yes
++privsep_used=yes
+ cygwin_value=""
+ user_account=
+ password_value=
+@@ -139,21 +140,33 @@ sshd_strictmodes() {
+
+ # ======================================================================
+ # Routine: sshd_privsep
+-# Try to create ssshd user account
++# MODIFIES: privsep_used
+ # ======================================================================
+ sshd_privsep() {
+ local ret=0
+
+ if [ "${sshd_config_configured}" != "yes" ]
+ then
+- if ! csih_create_unprivileged_user sshd
++ echo
++ csih_inform "Privilege separation is set to 'sandbox' by default since"
++ csih_inform "OpenSSH 6.1. This is unsupported by Cygwin and has to be set"
++ csih_inform "to 'yes' or 'no'."
++ csih_inform "However, using privilege separation requires a non-privileged account"
++ csih_inform "called 'sshd'."
++ csih_inform "For more info on privilege separation read /usr/share/doc/openssh/README.privsep."
++ if csih_request "Should privilege separation be used?"
+ then
+- csih_error_recoverable "Could not create user 'sshd'!"
+- csih_error_recoverable "You will not be able to run an sshd service"
+- csih_error_recoverable "under a privileged account successfully."
+- csih_error_recoverable "Make sure to create a non-privileged user 'sshd'"
+- csih_error_recoverable "manually before trying to run the service!"
+- let ++ret
++ privsep_used=yes
++ if ! csih_create_unprivileged_user sshd
++ then
++ csih_error_recoverable "Couldn't create user 'sshd'!"
++ csih_error_recoverable "Privilege separation set to 'no' again!"
++ csih_error_recoverable "Check your ${SYSCONFDIR}/sshd_config file!"
++ let ++ret
++ privsep_used=no
++ fi
++ else
++ privsep_used=no
+ fi
+ fi
+ return $ret
+@@ -189,6 +202,18 @@ sshd_config_tweak() {
+ let ++ret
+ fi
+ fi
++ if [ "${sshd_config_configured}" != "yes" ]
++ then
++ /usr/bin/sed -i -e "
++ s/^#\?UsePrivilegeSeparation .*/UsePrivilegeSeparation ${privsep_used}/" \
++ ${SYSCONFDIR}/sshd_config
++ if [ $? -ne 0 ]
++ then
++ csih_warning "Setting privilege separation failed!"
++ csih_warning "Check your ${SYSCONFDIR}/sshd_config file!"
++ let ++ret
++ fi
++ fi
+ return $ret
+ } # --- End of sshd_config_tweak --- #
+
+@@ -668,7 +693,7 @@ then
+ fi
+ fi
+
+-# handle sshd_config
++# handle sshd_config (and privsep)
+ csih_install_config "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults" || let ++warning_cnt
+ if ! /usr/bin/cmp "${SYSCONFDIR}/sshd_config" "${SYSCONFDIR}/defaults/${SYSCONFDIR}/sshd_config" >/dev/null 2>&1
+ then
+diff --git a/servconf.c b/servconf.c
+index 0f0d0906..a63cec91 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -590,7 +590,7 @@ static struct {
+ { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL },
+ { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL },
+ { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL },
+- { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL},
++ { "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL},
+ { "acceptenv", sAcceptEnv, SSHCFG_ALL },
+ { "permittunnel", sPermitTunnel, SSHCFG_ALL },
+ { "permittty", sPermitTTY, SSHCFG_ALL },
+@@ -1130,6 +1130,13 @@ static const struct multistate multistate_gatewayports[] = {
+ { "no", 0 },
+ { NULL, -1 }
+ };
++static const struct multistate multistate_privsep[] = {
++ { "yes", PRIVSEP_NOSANDBOX },
++ { "sandbox", PRIVSEP_ON },
++ { "nosandbox", PRIVSEP_NOSANDBOX },
++ { "no", PRIVSEP_OFF },
++ { NULL, -1 }
++};
+ static const struct multistate multistate_tcpfwd[] = {
+ { "yes", FORWARD_ALLOW },
+ { "all", FORWARD_ALLOW },
+@@ -1563,6 +1570,11 @@ process_server_config_line(ServerOptions *options, char *line,
+ intptr = &options->disable_forwarding;
+ goto parse_flag;
+
++ case sUsePrivilegeSeparation:
++ intptr = &use_privsep;
++ multistate_ptr = multistate_privsep;
++ goto parse_multistate;
++
+ case sAllowUsers:
+ while ((arg = strdelim(&cp)) && *arg != '\0') {
+ if (match_user(NULL, NULL, NULL, arg) == -1)
+@@ -2289,6 +2301,8 @@ fmt_intarg(ServerOpCodes code, int val)
+ return fmt_multistate_int(val, multistate_gatewayports);
+ case sCompression:
+ return fmt_multistate_int(val, multistate_compression);
++ case sUsePrivilegeSeparation:
++ return fmt_multistate_int(val, multistate_privsep);
+ case sAllowTcpForwarding:
+ return fmt_multistate_int(val, multistate_tcpfwd);
+ case sAllowStreamLocalForwarding:
+@@ -2480,6 +2494,7 @@ dump_config(ServerOptions *o)
+ dump_cfg_fmtint(sDisableForwarding, o->disable_forwarding);
+ dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
+ dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
++ dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+ dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
+ dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
+
+diff --git a/sshd.c b/sshd.c
+index fd95b681..697f5a8b 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -228,7 +228,6 @@ int startup_pipe; /* in child */
+ int use_privsep = -1;
+ struct monitor *pmonitor = NULL;
+ int privsep_is_preauth = 1;
+-static int privsep_chroot = 1;
+
+ /* global authentication context */
+ Authctxt *the_authctxt = NULL;
+@@ -541,7 +540,7 @@ privsep_preauth_child(void)
+ demote_sensitive_data();
+
+ /* Demote the child */
+- if (privsep_chroot) {
++ if (getuid() == 0 || geteuid() == 0) {
+ /* Change our root directory */
+ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
+ fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
+@@ -1641,9 +1640,8 @@ main(int ac, char **av)
+ );
+
+ /* Store privilege separation user for later use if required. */
+- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
+ if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+- if (privsep_chroot || options.kerberos_authentication)
++ if (use_privsep || options.kerberos_authentication)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
+ } else {
+@@ -1801,7 +1790,7 @@ main(int ac, char **av)
+ key_type(key));
+ }
+
+- if (privsep_chroot) {
++ if (use_privsep) {
+ struct stat st;
+
+ if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
+diff --git a/sshd_config b/sshd_config
+index 3109d5d7..018b5eb2 100644
+--- a/sshd_config
++++ b/sshd_config
+@@ -92,6 +92,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #PrintLastLog yes
+ #TCPKeepAlive yes
+ #UseLogin no
++#UsePrivilegeSeparation sandbox
+ #PermitUserEnvironment no
+ #Compression delayed
+ #ClientAliveInterval 0
+diff --git a/sshd_config.5 b/sshd_config.5
+index e3c7c393..20a185f0 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -1542,6 +1542,28 @@ is enabled, you will not be able to run
+ as a non-root user.
+ The default is
+ .Cm no .
++.It Cm UsePrivilegeSeparation
++Specifies whether
++.Xr sshd 8
++separates privileges by creating an unprivileged child process
++to deal with incoming network traffic.
++After successful authentication, another process will be created that has
++the privilege of the authenticated user.
++The goal of privilege separation is to prevent privilege
++escalation by containing any corruption within the unprivileged processes.
++The argument must be
++.Cm yes ,
++.Cm no ,
++or
++.Cm sandbox .
++If
++.Cm UsePrivilegeSeparation
++is set to
++.Cm sandbox
++then the pre-authentication unprivileged process is subject to additional
++restrictions.
++The default is
++.Cm sandbox .
+ .It Cm VersionAddendum
+ Optionally specifies additional text to append to the SSH protocol banner
+ sent by the server upon connection.
diff --git a/data/openssh/sshd_config b/data/openssh/sshd_config
index 41edb7d47..7276adf09 100644
--- a/data/openssh/sshd_config
+++ b/data/openssh/sshd_config
@@ -21,7 +21,7 @@
Protocol 2
# HostKey for protocol version 1
-HostKey /etc/ssh/ssh_host_key
+# HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
@@ -38,7 +38,7 @@ HostKey /etc/ssh/ssh_host_dsa_key
# Authentication:
#LoginGraceTime 2m
-#PermitRootLogin yes
+PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6