Gentoo Archives: gentoo-dev

From: Mishael A Sibiryakov <death@×××××.org>
To: gentoo-dev@g.o
Subject: Re: [gentoo-dev] openssh exploit
Date: Tue, 16 Sep 2003 14:11:54
Message-Id: 1063721513.28710.29.camel@junki.org
In Reply to: Re: [gentoo-dev] openssh exploit by Mike Frysinger
1 I downloaded this file:
2 ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7p1.tar.gz
3 and built openssh without any patches. The GCC version is "gcc version
4 3.3.1 20030904 (Gentoo Linux 3.3.1-r1, propolice)"
5
6
7 >>> net-misc/openssh-3.7_p1 merged.
8 >>> clean: No packages selected for removal.
9 >>> Regenerating /etc/ld.so.cache...
10 >>> Auto-cleaning packages ...
11 >>> No outdated packages were found on your system.
12 * GNU info directory index is up-to-date.
13 * IMPORTANT: 2 config files in /etc need updating.
14 * Type emerge --help config to learn how to update config files.
15
16
17 This ebuild is working perfectly :)
18
19 junki openssh # cat openssh-3.7_p1.ebuild
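# Ebuild metadata for net-misc/openssh-3.7_p1 (portable OpenSSH), built from
# the unpatched upstream tarball. The archive's per-line numbering has been
# stripped so the listing is valid ebuild syntax again.
inherit eutils

IUSE="ipv6 static pam tcpd kerberos selinux"

# Upstream names the release without the underscore that the ebuild file name
# carries (3.7_p1 -> 3.7p1), so the first "_" is removed from ${P} to get the
# tarball and source-directory name.
PARCH=${P/_/}
S=${WORKDIR}/${PARCH}

DESCRIPTION="Port of OpenBSD's free SSH release"
HOMEPAGE="http://www.openssh.com/"
# NOTE(review): the tarball is fetched over plain FTP, which gives no
# transport integrity. Authenticity rests on the checksum recorded for the
# ebuild, so that checksum should be generated from a tarball that was
# verified against a trusted source -- confirm before committing.
SRC_URI="ftp://ftp.openbsd.org/pub/unix/OpenBSD/OpenSSH/portable/${PARCH}.tar.gz"

RDEPEND="virtual/glibc
	pam? ( >=sys-libs/pam-0.73 >=sys-apps/shadow-4.0.2-r2 )
	kerberos? ( app-crypt/mit-krb5 )
	selinux? ( sys-apps/selinux-small )
	>=dev-libs/openssl-0.9.6d
	sys-libs/zlib"

# NOTE(review): tcp-wrappers is listed as a build-time dependency only. If
# sshd ends up linked against a shared libwrap it is needed at run time too
# -- confirm and move it to RDEPEND if so.
DEPEND="${RDEPEND}
	dev-lang/perl
	sys-apps/groff
	tcpd? ( >=sys-apps/tcp-wrappers-7.6 )"


SLOT="0"
LICENSE="as-is"
KEYWORDS="x86 ppc sparc alpha mips hppa arm amd64"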
44
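# Unpack the upstream tarball and change into the source directory.
# No patches are applied in this ebuild; the sources are built as shipped.
#
# Globals read: PARCH (tarball base name), S (source directory)
# Helpers used: unpack, die (provided by Portage)
src_unpack() {
	unpack "${PARCH}.tar.gz"
	# Quote the path and fail loudly: continuing in the wrong directory would
	# make every later phase operate on the wrong tree.
	cd "${S}" || die "cannot cd to ${S}"
}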
49
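# Configure and build OpenSSH according to the active USE flags.
#
# Globals read:    CHOST, CFLAGS, KTH_KRB (optional; non-empty enables krb4)
# Globals written: CFLAGS (gains -DWITH_SELINUX when USE=selinux)
# Helpers used:    use, die, emake (provided by Portage)
src_compile() {
	local myconf=""

	# TCP wrappers and PAM are passed to configure explicitly in both states.
	if use tcpd; then
		myconf="${myconf} --with-tcp-wrappers"
	else
		myconf="${myconf} --without-tcp-wrappers"
	fi

	if use pam; then
		myconf="${myconf} --with-pam"
	else
		myconf="${myconf} --without-pam"
	fi

	if ! use ipv6; then
		myconf="${myconf} --with-ipv4-default"
	fi

	if use kerberos; then
		myconf="${myconf} --with-kerberos5"
	fi

	# Quoted so the test is well-formed whether or not KTH_KRB is set.
	if [ -n "${KTH_KRB}" ]; then
		myconf="${myconf} --with-kerberos4=/usr/athena"
	fi

	if use selinux; then
		CFLAGS="${CFLAGS} -DWITH_SELINUX"
	fi

	# Privilege separation is configured here: the unprivileged sshd child
	# runs as user "sshd" with /var/empty as its privsep path, and the ssh
	# client is not installed setuid.
	# ${myconf} is left unquoted on purpose: it holds several
	# whitespace-separated options that must be split into separate words.
	./configure \
		--prefix=/usr \
		--sysconfdir=/etc/ssh \
		--mandir=/usr/share/man \
		--libexecdir=/usr/lib/misc \
		--datadir=/usr/share/openssh \
		--disable-suid-ssh \
		--with-privsep-path=/var/empty \
		--with-privsep-user=sshd \
		--with-md5-passwords \
		--host="${CHOST}" ${myconf} || die "bad configure"

	# The exit status of `use` is tested (as pkg_postinst does) instead of
	# its output, so the branch does not depend on `use` printing the flag.
	if use static; then
		# statically link to libcrypto -- good for the boot cd
		# NOTE(review): a statically linked libcrypto does not pick up later
		# OpenSSL fixes until openssh itself is rebuilt.
		perl -pi -e "s|-lcrypto|/usr/lib/libcrypto.a|g" Makefile \
			|| die "could not switch Makefile to static libcrypto"
	fi

	if use selinux; then
		# add -lsecure
		# The redirect target was split onto its own line by mail wrapping;
		# it belongs to this sed command.
		sed "s:LIBS=\(.*\):LIBS=\1 -lsecure:" < Makefile > Makefile.new \
			|| die "could not add -lsecure to Makefile"
		mv Makefile.new Makefile || die "could not replace Makefile"
	fi

	emake || die "compile problem"
}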
94
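# Install the built files into the image directory and add the Gentoo
# PAM and init-script files.
#
# Globals read: D (image directory), FILESDIR (ebuild's files/ directory)
# Helpers used: die, dodoc, insinto, newins, exeinto, newexe (Portage)
src_install() {
	make install-files DESTDIR="${D}" || die "make install-files failed"

	# The server configuration is made readable and writable by its owner only.
	chmod 600 "${D}/etc/ssh/sshd_config" || die "cannot restrict sshd_config"

	dodoc ChangeLog CREDITS OVERVIEW README* TODO sshd_config

	insinto /etc/pam.d
	newins "${FILESDIR}/sshd.pam" sshd

	exeinto /etc/init.d
	newexe "${FILESDIR}/sshd.rc6" sshd

	# NOTE(review): /var/empty is the privsep path given to configure;
	# .keep is presumably a placeholder so the otherwise empty directory is
	# kept in the package. The directory should stay root-owned and not
	# writable by anyone else -- confirm.
	touch "${D}/var/empty/.keep" || die "cannot create /var/empty/.keep"
}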
103
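# Create the unprivileged "sshd" account and group used for privilege
# separation, before the package is merged.
#
# Helpers used: die (Portage); userdel, groupmod, groupadd, useradd (shadow)
# NOTE(review): these commands act on the running system's account
# database; ${ROOT} is not consulted here -- confirm that is intended.
pkg_preinst() {

	# Any existing sshd user is removed first, so the account is always
	# recreated with the settings below; a missing user is not an error.
	userdel sshd 2> /dev/null

	# groupmod without options is presumably used as an "does the group
	# exist" probe; the group is only created when that fails.
	if ! groupmod sshd; then
		groupadd -g 90 sshd 2> /dev/null \
			|| die "Failed to create sshd group"
	fi

	# The account gets /dev/null as its shell and /var/empty as its home.
	# The "||" continuation had been split off by mail wrapping; it belongs
	# to this useradd command.
	useradd -u 22 -g sshd -s /dev/null -d /var/empty -c "sshd" sshd \
		|| die "Failed to create sshd user"

}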
116
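# Make sure the privilege-separation directory exists on the target root
# and remind PAM users about the login-shell requirement.
#
# Globals read: ROOT (target root of the merge)
# Helpers used: use, einfo (Portage)
pkg_postinst() {

	# Created as root:root with mode 0755. The path is quoted so a ROOT
	# containing whitespace is passed as a single argument.
	install -d -m0755 -o root -g root "${ROOT}/var/empty"

	if use pam >/dev/null 2>&1; then
		# The first message had been split in two by mail wrapping; it is
		# one line.
		einfo "Please be aware users need a valid shell in /etc/passwd"
		einfo "in order to be allowed to login."
		einfo
	fi
}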
128 junki openssh #
129
130 --
131 Time : 20:07:41-16:09:2003
132 NP : Enigma (Radio Edit) - Principles Of Lust
133 SysStat : 20:07:41 up 14 days, 11:49, 2 users, load average: 2.82, 2.07,
134 1.20
135
136
137 --
138 gentoo-dev@g.o mailing list