Allow users's own gid in pty permission check

This allows non-root Dropbear to work even without devpts gid=5 mount option on Linux.
author: Matt Johnston <matt@ucc.asn.au> 2022-12-07 13:04:10 +0800
committer: Matt Johnston <matt@ucc.asn.au> 2022-12-07 13:04:10 +0800
commit: 860721558837441ab45019858e710a2625ffa46e (patch)
tree: b2ccb96523a796bbfb2de2ce864bbf797ad1d50f
parent: c043efb47c3173072fa636ca0da0d19875d4511f (diff)
download: dropbear-860721558837441ab45019858e710a2625ffa46e.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/sshpty.c b/sshpty.c
index fceb7fd..9f12d67 100644
--- a/sshpty.c
+++ b/sshpty.c
@@ -380,7 +380,9 @@ pty_setowner(struct passwd *pw, const char *tty_name)
 				tty_name, strerror(errno));
 	}
 
-	if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
+	/* Allow either "tty" gid or user's own gid. On Linux with openpty()
+	 * this varies depending on the devpts mount options */
+	if (st.st_uid != pw->pw_uid || !(st.st_gid == gid || st.st_gid == pw->pw_gid)) {
 		if (chown(tty_name, pw->pw_uid, gid) < 0) {
 			if (errno == EROFS &&
 			    (st.st_uid == pw->pw_uid || st.st_uid == 0)) {
author	Matt Johnston <matt@ucc.asn.au>	2022-12-07 13:04:10 +0800
committer	Matt Johnston <matt@ucc.asn.au>	2022-12-07 13:04:10 +0800
commit	860721558837441ab45019858e710a2625ffa46e (patch)
tree	b2ccb96523a796bbfb2de2ce864bbf797ad1d50f
parent	c043efb47c3173072fa636ca0da0d19875d4511f (diff)
download	dropbear-860721558837441ab45019858e710a2625ffa46e.tar.gz