OpenSSH 3.5 as of Oct 1, 2002

crypto/dist/ssh/auth-options.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: auth-options.c,v 1.1.1.11 2002/06/24 05:25:41 itojun Exp $	*/
+/*	$NetBSD: auth-options.c,v 1.1.1.12 2002/10/01 13:39:55 itojun Exp $	*/
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -11,9 +11,8 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $");
+RCSID("$OpenBSD: auth-options.c,v 1.26 2002/07/30 17:03:55 markus Exp $");
 
-#include "packet.h"
 #include "xmalloc.h"
 #include "match.h"
 #include "log.h"
@@ -21,7 +20,6 @@ RCSID("$OpenBSD: auth-options.c,v 1.24 2002/05/13 20:44:58 markus Exp $");
 #include "channels.h"
 #include "auth-options.h"
 #include "servconf.h"
-#include "bufaux.h"
 #include "misc.h"
 #include "monitor_wrap.h"
 #include "auth.h"
@@ -136,7 +134,8 @@ auth_parse_options(struct passwd *pw, char *opts, char *file, u_long linenum)
 			goto next_option;
 		}
 		cp = "environment=\"";
-		if (strncasecmp(opts, cp, strlen(cp)) == 0) {
+		if (options.permit_user_env &&
+		    strncasecmp(opts, cp, strlen(cp)) == 0) {
 			char *s;
 			struct envstring *new_envstring;
 

crypto/dist/ssh/auth-options.h

@@ -1,11 +1,10 @@
-/*	$NetBSD: auth-options.h,v 1.1.1.6 2002/03/08 01:20:30 itojun Exp $	*/
+/*	$NetBSD: auth-options.h,v 1.1.1.7 2002/10/01 13:39:55 itojun Exp $	*/
-/*	$OpenBSD: auth-options.h,v 1.11 2002/03/04 17:27:39 stevesk Exp $	*/
+/*	$OpenBSD: auth-options.h,v 1.12 2002/07/21 18:34:43 stevesk Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
- * Functions to interface with the SSH_AUTHENTICATION_FD socket.
  *
  * As far as I am concerned, the code I have written for this software
  * can be used freely for any purpose.  Any derived versions of this

crypto/dist/ssh/authfd.h

@@ -1,5 +1,5 @@
-/*	$NetBSD: authfd.h,v 1.1.1.8 2002/06/24 05:25:43 itojun Exp $	*/
+/*	$NetBSD: authfd.h,v 1.1.1.9 2002/10/01 13:39:56 itojun Exp $	*/
-/*	$OpenBSD: authfd.h,v 1.30 2002/06/19 00:27:55 deraadt Exp $	*/
+/*	$OpenBSD: authfd.h,v 1.31 2002/09/11 18:27:25 stevesk Exp $	*/
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -67,6 +67,7 @@ typedef struct {
 	int	howmany;
 }	AuthenticationConnection;
 
+int	ssh_agent_present(void);
 int	ssh_get_authentication_socket(void);
 void	ssh_close_authentication_socket(int);
 

crypto/dist/ssh/compat.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: compat.c,v 1.1.1.11 2002/04/22 07:37:25 itojun Exp $	*/
+/*	$NetBSD: compat.c,v 1.1.1.12 2002/10/01 13:39:57 itojun Exp $	*/
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -24,7 +24,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: compat.c,v 1.63 2002/04/10 08:21:47 markus Exp $");
+RCSID("$OpenBSD: compat.c,v 1.65 2002/09/27 10:42:09 mickey Exp $");
 
 #include "buffer.h"
 #include "packet.h"
@@ -40,13 +40,13 @@ int datafellows = 0;
 void
 enable_compat20(void)
 {
-	verbose("Enabling compatibility mode for protocol 2.0");
+	debug("Enabling compatibility mode for protocol 2.0");
 	compat20 = 1;
 }
 void
 enable_compat13(void)
 {
-	verbose("Enabling compatibility mode for protocol 1.3");
+	debug("Enabling compatibility mode for protocol 1.3");
 	compat13 = 1;
 }
 /* datafellows bug compatibility */
@@ -147,6 +147,8 @@ compat_datafellows(const char *version)
 		  "OSU_1.5alpha3*",	SSH_BUG_PASSWORDPAD },
 		{ "*SSH_Version_Mapper*",
 					SSH_BUG_SCANNER },
+		{ "Probe-*",
+					SSH_BUG_PROBE },
 		{ NULL,			0 }
 	};
 

crypto/dist/ssh/compat.h

@@ -1,5 +1,5 @@
-/*	$NetBSD: compat.h,v 1.1.1.10 2002/04/22 07:37:25 itojun Exp $	*/
+/*	$NetBSD: compat.h,v 1.1.1.11 2002/10/01 13:39:57 itojun Exp $	*/
-/*	$OpenBSD: compat.h,v 1.32 2002/04/10 08:21:47 markus Exp $	*/
+/*	$OpenBSD: compat.h,v 1.33 2002/09/27 10:42:09 mickey Exp $	*/
 
 /*
  * Copyright (c) 1999, 2000, 2001 Markus Friedl.  All rights reserved.
@@ -55,6 +55,7 @@
 #define SSH_BUG_DUMMYCHAN	0x00100000
 #define SSH_BUG_EXTEOF		0x00200000
 #define SSH_BUG_K5USER		0x00400000
+#define SSH_BUG_PROBE		0x00800000
 
 void     enable_compat13(void);
 void     enable_compat20(void);

crypto/dist/ssh/kex.h

@@ -1,5 +1,5 @@
-/*	$NetBSD: kex.h,v 1.1.1.11 2002/06/24 05:25:48 itojun Exp $	*/
+/*	$NetBSD: kex.h,v 1.1.1.12 2002/10/01 13:39:57 itojun Exp $	*/
-/*	$OpenBSD: kex.h,v 1.31 2002/05/16 22:02:50 markus Exp $	*/
+/*	$OpenBSD: kex.h,v 1.32 2002/09/09 14:54:14 markus Exp $	*/
 
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
@@ -97,7 +97,7 @@ struct Newkeys {
 };
 struct Kex {
 	u_char	*session_id;
-	int	session_id_len;
+	u_int	session_id_len;
 	Newkeys	*newkeys[MODE_MAX];
 	int	we_need;
 	int	server;

crypto/dist/ssh/ssh_config.5

@@ -1,4 +1,4 @@
-.\"	$NetBSD: ssh_config.5,v 1.1.1.1 2002/06/24 05:26:12 itojun Exp $
+.\"	$NetBSD: ssh_config.5,v 1.1.1.2 2002/10/01 13:40:03 itojun Exp $
 .\"  -*- nroff -*-
 .\"
 .\" Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -35,7 +35,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: ssh_config.5,v 1.1 2002/06/20 19:56:07 stevesk Exp $
+.\" $OpenBSD: ssh_config.5,v 1.5 2002/08/29 22:54:10 stevesk Exp $
 .Dd September 25, 1999
 .Dt SSH_CONFIG 5
 .Os
@@ -51,10 +51,16 @@
 .Nm ssh
 obtains configuration data from the following sources in
 the following order:
-command line options, user's configuration file
+.Bl -enum -offset indent -compact
-.Pq Pa $HOME/.ssh/config ,
+.It
-and system-wide configuration file
+command-line options
-.Pq Pa /etc/ssh/ssh_config .
+.It
+user's configuration file
+.Pq Pa $HOME/.ssh/config
+.It
+system-wide configuration file
+.Pq Pa /etc/ssh/ssh_config
+.El
 .Pp
 For each parameter, the first obtained value
 will be used.
@@ -253,6 +259,13 @@ or
 .Dq no .
 The default is
 .Dq no .
+.Pp
+Agent forwarding should be enabled with caution.  Users with the
+ability to bypass file permissions on the remote host (for the agent's
+Unix-domain socket) can access the local agent through the forwarded
+connection.  An attacker cannot obtain key material from the agent,
+however they can perform operations on the keys that enable them to
+authenticate using the identities loaded into the agent.
 .It Cm ForwardX11
 Specifies whether X11 connections will be automatically redirected
 over the secure channel and
@@ -264,6 +277,12 @@ or
 .Dq no .
 The default is
 .Dq no .
+.Pp
+X11 forwarding should be enabled with caution.  Users with the ability
+to bypass file permissions on the remote host (for the user's X
+authorization database) can access the local X11 display through the
+forwarded connection.  An attacker may then be able to perform
+activities such as keystroke monitoring.
 .It Cm GatewayPorts
 Specifies whether remote hosts are allowed to connect to local
 forwarded ports.
@@ -493,7 +512,12 @@ or
 .Dq no .
 The default is
 .Dq no .
-This option applies to protocol version 1 only.
+This option applies to protocol version 1 only and requires
+.Nm ssh
+to be setuid root and
+.Cm UsePrivilegedPort
+to be set to
+.Dq yes .
 .It Cm RhostsRSAAuthentication
 Specifies whether to try rhosts based authentication with RSA host
 authentication.
@@ -568,6 +592,10 @@ or
 .Dq no .
 The default is
 .Dq no .
+If set to
+.Dq yes
+.Nm ssh
+must be setuid root.
 Note that this option must be set to
 .Dq yes
 if
@@ -585,7 +613,7 @@ Specifies a file to use for the user
 host key database instead of
 .Pa $HOME/.ssh/known_hosts .
 .It Cm XAuthLocation
-Specifies the location of the
+Specifies the full pathname of the
 .Xr xauth 1
 program.
 The default is

crypto/dist/ssh/uidswap.c

@@ -1,4 +1,4 @@
-/*	$NetBSD: uidswap.c,v 1.1.1.9 2002/06/24 05:26:09 itojun Exp $	*/
+/*	$NetBSD: uidswap.c,v 1.1.1.10 2002/10/01 13:40:02 itojun Exp $	*/
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -13,7 +13,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.22 2002/05/28 21:24:00 stevesk Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.23 2002/07/15 17:15:31 stevesk Exp $");
 
 #include "log.h"
 #include "uidswap.h"
@@ -47,15 +47,16 @@ temporarily_use_uid(struct passwd *pw)
 {
 	/* Save the current euid, and egroups. */
 	saved_euid = geteuid();
-	debug("temporarily_use_uid: %u/%u (e=%u)",
+	saved_egid = getegid();
-	    (u_int)pw->pw_uid, (u_int)pw->pw_gid, (u_int)saved_euid);
+	debug("temporarily_use_uid: %u/%u (e=%u/%u)",
+	    (u_int)pw->pw_uid, (u_int)pw->pw_gid,
+	    (u_int)saved_euid, (u_int)saved_egid);
 	if (saved_euid != 0) {
 		privileged = 0;
 		return;
 	}
 	privileged = 1;
 	temporarily_use_uid_effective = 1;
-	saved_egid = getegid();
 	saved_egroupslen = getgroups(NGROUPS_MAX, saved_egroups);
 	if (saved_egroupslen < 0)
 		fatal("getgroups: %.100s", strerror(errno));
@@ -86,12 +87,14 @@ temporarily_use_uid(struct passwd *pw)
 void
 restore_uid(void)
 {
-	debug("restore_uid");
 	/* it's a no-op unless privileged */
-	if (!privileged)
+	if (!privileged) {
+		debug("restore_uid: (unprivileged)");
 		return;
+	}
 	if (!temporarily_use_uid_effective)
 		fatal("restore_uid: temporarily_use_uid not effective");
+	debug("restore_uid: %u/%u", (u_int)saved_euid, (u_int)saved_egid);
 	/* Set the effective uid back to the saved privileged uid. */
 	if (seteuid(saved_euid) < 0)
 		fatal("seteuid %u: %.100s", (u_int)saved_euid, strerror(errno));
@@ -111,6 +114,8 @@ permanently_set_uid(struct passwd *pw)
 {
 	if (temporarily_use_uid_effective)
 		fatal("permanently_set_uid: temporarily_use_uid effective");
+	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
+	    (u_int)pw->pw_gid);
 	if (setgid(pw->pw_gid) < 0)
 		fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
 	if (setuid(pw->pw_uid) < 0)