summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2006-06-13 13:05:15 +1000
committerDamien Miller <djm@mindrot.org>2006-06-13 13:05:15 +1000
commit6b4069ad563ce578cbfa6f90e76b462d26483e67 (patch)
tree777206b388f2ef12b83275d4aeb78e96cdea1bdd
parenteb13e556e58a52a3ff0c734a8690ad41686cf92c (diff)
- markus@cvs.openbsd.org 2006/06/06 10:20:20
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] replace remaining setuid() calls with permanently_set_uid() and check seteuid() return values; report Marcus Meissner; ok dtucker djm
-rw-r--r--ChangeLog6
-rw-r--r--readpass.c6
-rw-r--r--sshconnect.c5
-rw-r--r--sshconnect.h22
-rw-r--r--sshconnect2.c6
-rw-r--r--uidswap.c4
6 files changed, 29 insertions, 20 deletions
diff --git a/ChangeLog b/ChangeLog
index 7dfcb45e5..7c30a33ac 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,6 +38,10 @@
38 [sshd.c] 38 [sshd.c]
39 call get_remote_ipaddr() early; fixes logging after client disconnects; 39 call get_remote_ipaddr() early; fixes logging after client disconnects;
40 report mpf@; ok dtucker@ 40 report mpf@; ok dtucker@
41 - markus@cvs.openbsd.org 2006/06/06 10:20:20
42 [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
43 replace remaining setuid() calls with permanently_set_uid() and
44 check seteuid() return values; report Marcus Meissner; ok dtucker djm
41 45
4220060521 4620060521
43 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor 47 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
@@ -4671,4 +4675,4 @@
4671 - (djm) Trim deprecated options from INSTALL. Mention UsePAM 4675 - (djm) Trim deprecated options from INSTALL. Mention UsePAM
4672 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu 4676 - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
4673 4677
4674$Id: ChangeLog,v 1.4340 2006/06/13 03:03:53 djm Exp $ 4678$Id: ChangeLog,v 1.4341 2006/06/13 03:05:15 djm Exp $
diff --git a/readpass.c b/readpass.c
index c3d36a028..60e4a902f 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: readpass.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */ 1/* $OpenBSD: readpass.c,v 1.38 2006/06/06 10:20:20 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2001 Markus Friedl. All rights reserved. 3 * Copyright (c) 2001 Markus Friedl. All rights reserved.
4 * 4 *
@@ -37,6 +37,7 @@
37#include "pathnames.h" 37#include "pathnames.h"
38#include "log.h" 38#include "log.h"
39#include "ssh.h" 39#include "ssh.h"
40#include "uidswap.h"
40 41
41static char * 42static char *
42ssh_askpass(char *askpass, const char *msg) 43ssh_askpass(char *askpass, const char *msg)
@@ -60,8 +61,7 @@ ssh_askpass(char *askpass, const char *msg)
60 return NULL; 61 return NULL;
61 } 62 }
62 if (pid == 0) { 63 if (pid == 0) {
63 seteuid(getuid()); 64 permanently_set_uid(getpwuid(getuid()));
64 setuid(getuid());
65 close(p[0]); 65 close(p[0]);
66 if (dup2(p[1], STDOUT_FILENO) < 0) 66 if (dup2(p[1], STDOUT_FILENO) < 0)
67 fatal("ssh_askpass: dup2: %s", strerror(errno)); 67 fatal("ssh_askpass: dup2: %s", strerror(errno));
diff --git a/sshconnect.c b/sshconnect.c
index e855f1926..41ad82f9f 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.c,v 1.182 2006/05/17 12:43:34 markus Exp $ */ 1/* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -97,8 +97,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
97 char *argv[10]; 97 char *argv[10];
98 98
99 /* Child. Permanently give up superuser privileges. */ 99 /* Child. Permanently give up superuser privileges. */
100 seteuid(original_real_uid); 100 permanently_set_uid(getpwuid(original_real_uid));
101 setuid(original_real_uid);
102 101
103 /* Redirect stdin and stdout. */ 102 /* Redirect stdin and stdout. */
104 close(pin[1]); 103 close(pin[1]);
diff --git a/sshconnect.h b/sshconnect.h
index 3786ba56e..692d27567 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect.h,v 1.19 2006/03/25 22:22:43 djm Exp $ */ 1/* $OpenBSD: sshconnect.h,v 1.20 2006/06/06 10:20:20 markus Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2000 Markus Friedl. All rights reserved. 4 * Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -54,16 +54,20 @@ int ssh_local_cmd(const char *);
54/* 54/*
55 * Macros to raise/lower permissions. 55 * Macros to raise/lower permissions.
56 */ 56 */
57#define PRIV_START do { \ 57#define PRIV_START do { \
58 int save_errno = errno; \ 58 int save_errno = errno; \
59 (void)seteuid(original_effective_uid); \ 59 if (seteuid(original_effective_uid) != 0) \
60 errno = save_errno; \ 60 fatal("PRIV_START: seteuid: %s", \
61 strerror(errno)); \
62 errno = save_errno; \
61} while (0) 63} while (0)
62 64
63#define PRIV_END do { \ 65#define PRIV_END do { \
64 int save_errno = errno; \ 66 int save_errno = errno; \
65 (void)seteuid(original_real_uid); \ 67 if (seteuid(original_real_uid) != 0) \
66 errno = save_errno; \ 68 fatal("PRIV_END: seteuid: %s", \
69 strerror(errno)); \
70 errno = save_errno; \
67} while (0) 71} while (0)
68 72
69#endif 73#endif
diff --git a/sshconnect2.c b/sshconnect2.c
index 53cf25762..c97738c7b 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */ 1/* $OpenBSD: sshconnect2.c,v 1.154 2006/06/06 10:20:20 markus Exp $ */
2/* 2/*
3 * Copyright (c) 2000 Markus Friedl. All rights reserved. 3 * Copyright (c) 2000 Markus Friedl. All rights reserved.
4 * 4 *
@@ -53,6 +53,7 @@
53#include "canohost.h" 53#include "canohost.h"
54#include "msg.h" 54#include "msg.h"
55#include "pathnames.h" 55#include "pathnames.h"
56#include "uidswap.h"
56 57
57#ifdef GSSAPI 58#ifdef GSSAPI
58#include "ssh-gss.h" 59#include "ssh-gss.h"
@@ -1252,8 +1253,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
1252 return -1; 1253 return -1;
1253 } 1254 }
1254 if (pid == 0) { 1255 if (pid == 0) {
1255 seteuid(getuid()); 1256 permanently_set_uid(getpwuid(getuid()));
1256 setuid(getuid());
1257 close(from[0]); 1257 close(from[0]);
1258 if (dup2(from[1], STDOUT_FILENO) < 0) 1258 if (dup2(from[1], STDOUT_FILENO) < 0)
1259 fatal("ssh_keysign: dup2: %s", strerror(errno)); 1259 fatal("ssh_keysign: dup2: %s", strerror(errno));
diff --git a/uidswap.c b/uidswap.c
index 6dc1680db..ba2d20942 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */ 1/* $OpenBSD: uidswap.c,v 1.28 2006/06/06 10:20:20 markus Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -169,6 +169,8 @@ permanently_set_uid(struct passwd *pw)
169 uid_t old_uid = getuid(); 169 uid_t old_uid = getuid();
170 gid_t old_gid = getgid(); 170 gid_t old_gid = getgid();
171 171
172 if (pw == NULL)
173 fatal("permanently_set_uid: no user given");
172 if (temporarily_use_uid_effective) 174 if (temporarily_use_uid_effective)
173 fatal("permanently_set_uid: temporarily_use_uid effective"); 175 fatal("permanently_set_uid: temporarily_use_uid effective");
174 debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, 176 debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,