Re: wrong group set when sftp

From: security security (security.intrusion_at_gmail.com)
Date: 05/28/05

  • Next message: Darren Tucker: "Re: wrong group set when sftp" 
    Date: Sat, 28 May 2005 10:10:16 +0300
To: secureshell@securityfocus.com

    yes, you're right. it was set guid and set uid

    >ls -l
    -rwsr-sr-x 1 root root 167805 May 19 09:29 sftp-server

    When changed setguid and setuid to x, everything seems to be ok. The
    user and group
    id's are correct in /proc/pid/status.

    Thanks a lot... 

    ----
Note:  When sending messages to group  5-6 strange undeliverable
reports are coming in chinese or in russian. who's dealing with that
problem?
On 5/27/05, Darren Tucker <dtucker@zip.com.au> wrote:
> security security wrote:
> > Yes i use PAM...
> 
> Does the problem occur running sshd with UsePAM=no?
> [...]
> > Name:   sftp-server
> > State:  S (sleeping)
> > Tgid:   18414
> > Pid:    18414
> > PPid:   18413
> > TracerPid:      0
> > Uid:    508     508     508     508
> > Gid:    528     0       0       0
> [...]
> > Should all the gid's be 528, or is it normal?  Its parent seems to be ok.
> 
> It's not normal, sftp-server runs as a pure user process and the gids
> should all be 528.
> 
> Since the parent has gids all 528, the only way I can see for this to
> happen (barring kernel bugs) is if sftp-server is setgid 0.. what does
> ls -l /path/to/sftp-server" say?
> 
> --
> Darren Tucker (dtucker at zip.com.au)
> GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
>      Good judgement comes with experience. Unfortunately, the experience
> usually comes from bad judgement.
>
  • Next message: Darren Tucker: "Re: wrong group set when sftp"