From d867cf751373e6d8b41f67604b8bc5ca5ddba8c7 Mon Sep 17 00:00:00 2001 From: dtucker Date: Fri, 27 Jul 2018 05:13:02 +0000 Subject: [PATCH] Remove uid checks from low port binds. Now that ssh cannot be setuid and sshd always has privsep on, we can remove the uid checks for low port binds and just let the system do the check. We leave a sanity check for the !privsep case so long as the code is stil there. with & ok djm@ --- usr.bin/ssh/misc.c | 11 +---------- usr.bin/ssh/misc.h | 3 +-- usr.bin/ssh/readconf.c | 5 +---- usr.bin/ssh/serverloop.c | 13 ++++++++++++- 4 files changed, 15 insertions(+), 17 deletions(-) diff --git a/usr.bin/ssh/misc.c b/usr.bin/ssh/misc.c index e2e1be9735a..8d8736e32b5 100644 --- a/usr.bin/ssh/misc.c +++ b/usr.bin/ssh/misc.c @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.c,v 1.130 2018/07/18 11:34:04 dtucker Exp $ */ +/* $OpenBSD: misc.c,v 1.131 2018/07/27 05:13:02 dtucker Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * Copyright (c) 2005,2006 Damien Miller. All rights reserved. @@ -1500,15 +1500,6 @@ forward_equals(const struct Forward *a, const struct Forward *b) return 1; } -/* returns 1 if bind to specified port by specified user is permitted */ -int -bind_permitted(int port, uid_t uid) -{ - if (port < IPPORT_RESERVED && uid != 0) - return 0; - return 1; -} - /* returns 1 if process is already daemonized, 0 otherwise */ int daemonized(void) diff --git a/usr.bin/ssh/misc.h b/usr.bin/ssh/misc.h index 25c5871793c..a5dca0c67e3 100644 --- a/usr.bin/ssh/misc.h +++ b/usr.bin/ssh/misc.h @@ -1,4 +1,4 @@ -/* $OpenBSD: misc.h,v 1.73 2018/06/09 03:01:12 djm Exp $ */ +/* $OpenBSD: misc.h,v 1.74 2018/07/27 05:13:02 dtucker Exp $ */ /* * Author: Tatu Ylonen @@ -31,7 +31,6 @@ struct Forward { }; int forward_equals(const struct Forward *, const struct Forward *); -int bind_permitted(int, uid_t); int daemonized(void); /* Common server and client forwarding options. */ diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 6b5a4183e2a..bfe60f2ddfd 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.294 2018/07/19 10:28:47 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -308,9 +308,6 @@ add_local_forward(Options *options, const struct Forward *newfwd) extern uid_t original_real_uid; int i; - if (!bind_permitted(newfwd->listen_port, original_real_uid) && - newfwd->listen_path == NULL) - fatal("Privileged ports can only be forwarded by root."); /* Don't add duplicates */ for (i = 0; i < options->num_local_forwards; i++) { if (forward_equals(newfwd, options->local_forwards + i)) diff --git a/usr.bin/ssh/serverloop.c b/usr.bin/ssh/serverloop.c index 5f9c696bb87..380121ab5ca 100644 --- a/usr.bin/ssh/serverloop.c +++ b/usr.bin/ssh/serverloop.c @@ -1,4 +1,4 @@ -/* $OpenBSD: serverloop.c,v 1.208 2018/07/11 18:53:29 markus Exp $ */ +/* $OpenBSD: serverloop.c,v 1.209 2018/07/27 05:13:02 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -99,6 +99,17 @@ static void server_init_dispatch(void); /* requested tunnel forwarding interface(s), shared with session.c */ char *tun_fwd_ifnames = NULL; +/* returns 1 if bind to specified port by specified user is permitted */ +static int +bind_permitted(int port, uid_t uid) +{ + if (use_privsep) + return 1; /* allow system to decide */ + if (port < IPPORT_RESERVED && uid != 0) + return 0; + return 1; +} + /* * we write to this pipe if a SIGCHLD is caught in order to avoid * the race between select() and child_terminated -- 2.20.1