Closed fossfreedom closed 7 months ago
After changing common flags to align with what is specified in the C code and going through the usual build + install process, I can confirm under Fedora Budgie Spin (39) that toggling sharing does in fact turn off remote login and that prior behavior left sshd.service as active. Of course, turning it off using the "Remote Login" toggle worked in both cases, but only with the fix did this work when turning off sharing entirely.
Description
Original author: Alex Murray <alex.murray@canonical.com>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/gnome-control-center/+bug/2039577
To test:
without the patch install openssh-server
then in BCC - sharing - enable remote login
ssh to the remote host - this will work
then in BCC - sharing - disable remote login
ssh to the remote host - still can login remotely. This is the CVE issue
install the patch and compile - remember to use those CPPFLAGS otherwise remote login row in BCC will disappear
Repeat the test above - ssh to the remote host will now be enabled/disabled depending upon whether the sharing is enabled/disabled as appropriate.
This is the patch Ubuntu will be including in 24.04. Needs testing on other distros before merging. Upstream (to-date) have not merged this patch.
NOTE: From upstream: most distros use SSH 'eager' connections by default. Ubuntu uses socket-based connections. Upstream are debating build (example code given) vs runtime support (without example code). So I've included the build approach via a meson option - eager-based connections are the default, socket-based distros such as Ubuntu are the exception.
Submitter Checklist
git rebase -i (if needed)
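The manual test above can be backed by a unit-state check run on the host after sharing is switched off, covering both the eager (service) and socket-activated cases mentioned in the note. This is an added example, not part of the pull request or the project's code; the unit names are assumptions about common packaging and the sample states are constructed.

```shell
#!/bin/sh
# Added example: after toggling sharing off, confirm no SSH entry point is left.
# Unit names are assumptions: sshd.service/sshd.socket (Fedora-style naming)
# and ssh.service/ssh.socket (Ubuntu-style naming).
SSH_UNITS="sshd.service sshd.socket ssh.service ssh.socket"

# Emit "unit state" pairs from the live system (requires systemd).
collect_states() {
    for unit in $SSH_UNITS; do
        # is-active prints the state and exits non-zero when not active.
        state=$(systemctl is-active "$unit" 2>/dev/null) || true
        printf '%s %s\n' "$unit" "${state:-unknown}"
    done
}

# Read "unit state" pairs on stdin; print the units that still accept logins.
# An active socket unit counts: systemd starts sshd on the first connection,
# so stopping only the service is not enough on socket-based distros.
exposed_units() {
    while read -r unit state; do
        case "$state" in
            active|activating|reloading) printf '%s\n' "$unit" ;;
        esac
    done
}

# Return 0 when remote login is really off, 1 when something is still exposed.
remote_login_is_off() {
    left=$(exposed_units)
    [ -z "$left" ] && return 0
    printf 'still exposed: %s\n' "$left" >&2
    return 1
}

# Constructed samples (not captured output). The first mirrors the pre-fix
# behaviour reported above, where sshd.service stayed active.
SAMPLE_BEFORE_FIX='sshd.service active
sshd.socket inactive'
SAMPLE_SOCKET_ONLY='ssh.service inactive
ssh.socket active'
SAMPLE_AFTER_FIX='sshd.service inactive
sshd.socket inactive
ssh.service inactive
ssh.socket inactive'
```

On a test machine, run `collect_states | remote_login_is_off` after disabling sharing; a non-zero exit means an SSH unit is still active.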