package/network/services/dropbear/patches/004-allow-users-s-own-gid-in-pty-permission-check.patch

   1 From 860721558837441ab45019858e710a2625ffa46e Mon Sep 17 00:00:00 2001
   2 From: Matt Johnston <matt@ucc.asn.au>
   3 Date: Wed, 7 Dec 2022 13:04:10 +0800
   4 Subject: Allow users's own gid in pty permission check
   5
   6 This allows non-root Dropbear to work even without devpts gid=5 mount
   7 option on Linux.
   8 ---
   9  sshpty.c | 4 +++-
  10  1 file changed, 3 insertions(+), 1 deletion(-)
  11
  12 --- a/sshpty.c
  13 +++ b/sshpty.c
  14 @@ -380,7 +380,9 @@ pty_setowner(struct passwd *pw, const ch
  15                                 tty_name, strerror(errno));
  16         }
  17
  18 -       if (st.st_uid != pw->pw_uid || st.st_gid != gid) {
  19 +       /* Allow either "tty" gid or user's own gid. On Linux with openpty()
  20 +        * this varies depending on the devpts mount options */
  21 +       if (st.st_uid != pw->pw_uid || !(st.st_gid == gid || st.st_gid == pw->pw_gid)) {
  22                 if (chown(tty_name, pw->pw_uid, gid) < 0) {
  23                         if (errno == EROFS &&
  24                             (st.st_uid == pw->pw_uid || st.st_uid == 0)) {