openssh: do not run getpwnam

termux · Jul 5, 2024 · 2f70203 · 2f70203
1 parent f6f30e0
commit 2f70203
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 2 deletions.
diff --git a/packages/openssh/build.sh b/packages/openssh/build.sh
@@ -3,7 +3,7 @@ TERMUX_PKG_DESCRIPTION="Secure shell for logging into a remote machine"
 TERMUX_PKG_LICENSE="BSD"
 TERMUX_PKG_MAINTAINER="@termux"
 TERMUX_PKG_VERSION="9.8p1"
-TERMUX_PKG_REVISION=3
+TERMUX_PKG_REVISION=4
 TERMUX_PKG_SRCURL=https://github.com/openssh/openssh-portable/archive/refs/tags/V_$(sed 's/\./_/g; s/p/_P/g' <<< $TERMUX_PKG_VERSION).tar.gz
 TERMUX_PKG_SHA256=d8f6802914e4c344dc74599c29915651554bb318102d71cb4063e1f4a0d8286f
 TERMUX_PKG_AUTO_UPDATE=true

diff --git a/packages/openssh/sshd-session.c.patch b/packages/openssh/sshd-session.c.patch
@@ -0,0 +1,36 @@
+https://github.com/termux/termux-packages/issues/20774
+
+--- a/sshd-session.c
++++ b/sshd-session.c
+@@ -308,6 +308,7 @@
+ 		if (chdir("/") == -1)
+ 			fatal("chdir(\"/\"): %s", strerror(errno));
+
++#ifndef __ANDROID__
+ 		/* Drop our privileges */
+ 		debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
+ 		    (u_int)privsep_pw->pw_gid);
+@@ -315,6 +316,7 @@
+ 		if (setgroups(1, gidset) == -1)
+ 			fatal("setgroups: %.100s", strerror(errno));
+ 		permanently_set_uid(privsep_pw);
++#endif
+ 	}
+ }
+
+@@ -1074,6 +1076,7 @@
+
+ 	/* Store privilege separation user for later use if required. */
+ 	privsep_chroot = (getuid() == 0 || geteuid() == 0);
++#ifndef __ANDROID__
+ 	if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+ 		if (privsep_chroot || options.kerberos_authentication)
+ 			fatal("Privilege separation user %s does not exist",
+@@ -1084,6 +1087,7 @@
+ 		privsep_pw->pw_passwd = xstrdup("*");
+ 	}
+ 	endpwent();
++#endif
+
+ 	if (!debug_flag) {
+ 		startup_pipe = dup(REEXEC_STARTUP_PIPE_FD);
diff --git a/packages/openssh/sshd.c.patch b/packages/openssh/sshd.c.patch
@@ -6,7 +6,7 @@ diff -uNr openssh-portable-V_9_8_P1/sshd.c openssh-portable-V_9_8_P1.mod/sshd.c
  	rexec_argc = ac;
  	saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
 -	for (i = 0; (int)i < ac; i++)
-+	saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd";
++	saved_argv[0] = xstrdup("@TERMUX_PREFIX@/bin/sshd");
 +	for (i = 1; (int)i < ac; i++)
  		saved_argv[i] = xstrdup(av[i]);
  	saved_argv[i] = NULL;