diff options
author | Damien Miller <djm@mindrot.org> | 2006-06-13 13:05:15 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-06-13 13:05:15 +1000 |
commit | 6b4069ad563ce578cbfa6f90e76b462d26483e67 (patch) | |
tree | 777206b388f2ef12b83275d4aeb78e96cdea1bdd | |
parent | eb13e556e58a52a3ff0c734a8690ad41686cf92c (diff) |
- markus@cvs.openbsd.org 2006/06/06 10:20:20
[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | readpass.c | 6 | ||||
-rw-r--r-- | sshconnect.c | 5 | ||||
-rw-r--r-- | sshconnect.h | 22 | ||||
-rw-r--r-- | sshconnect2.c | 6 | ||||
-rw-r--r-- | uidswap.c | 4 |
6 files changed, 29 insertions, 20 deletions
@@ -38,6 +38,10 @@ | |||
38 | [sshd.c] | 38 | [sshd.c] |
39 | call get_remote_ipaddr() early; fixes logging after client disconnects; | 39 | call get_remote_ipaddr() early; fixes logging after client disconnects; |
40 | report mpf@; ok dtucker@ | 40 | report mpf@; ok dtucker@ |
41 | - markus@cvs.openbsd.org 2006/06/06 10:20:20 | ||
42 | [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] | ||
43 | replace remaining setuid() calls with permanently_set_uid() and | ||
44 | check seteuid() return values; report Marcus Meissner; ok dtucker djm | ||
41 | 45 | ||
42 | 20060521 | 46 | 20060521 |
43 | - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor | 47 | - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor |
@@ -4671,4 +4675,4 @@ | |||
4671 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM | 4675 | - (djm) Trim deprecated options from INSTALL. Mention UsePAM |
4672 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu | 4676 | - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu |
4673 | 4677 | ||
4674 | $Id: ChangeLog,v 1.4340 2006/06/13 03:03:53 djm Exp $ | 4678 | $Id: ChangeLog,v 1.4341 2006/06/13 03:05:15 djm Exp $ |
diff --git a/readpass.c b/readpass.c index c3d36a028..60e4a902f 100644 --- a/readpass.c +++ b/readpass.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: readpass.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */ | 1 | /* $OpenBSD: readpass.c,v 1.38 2006/06/06 10:20:20 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2001 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -37,6 +37,7 @@ | |||
37 | #include "pathnames.h" | 37 | #include "pathnames.h" |
38 | #include "log.h" | 38 | #include "log.h" |
39 | #include "ssh.h" | 39 | #include "ssh.h" |
40 | #include "uidswap.h" | ||
40 | 41 | ||
41 | static char * | 42 | static char * |
42 | ssh_askpass(char *askpass, const char *msg) | 43 | ssh_askpass(char *askpass, const char *msg) |
@@ -60,8 +61,7 @@ ssh_askpass(char *askpass, const char *msg) | |||
60 | return NULL; | 61 | return NULL; |
61 | } | 62 | } |
62 | if (pid == 0) { | 63 | if (pid == 0) { |
63 | seteuid(getuid()); | 64 | permanently_set_uid(getpwuid(getuid())); |
64 | setuid(getuid()); | ||
65 | close(p[0]); | 65 | close(p[0]); |
66 | if (dup2(p[1], STDOUT_FILENO) < 0) | 66 | if (dup2(p[1], STDOUT_FILENO) < 0) |
67 | fatal("ssh_askpass: dup2: %s", strerror(errno)); | 67 | fatal("ssh_askpass: dup2: %s", strerror(errno)); |
diff --git a/sshconnect.c b/sshconnect.c index e855f1926..41ad82f9f 100644 --- a/sshconnect.c +++ b/sshconnect.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect.c,v 1.182 2006/05/17 12:43:34 markus Exp $ */ | 1 | /* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -97,8 +97,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) | |||
97 | char *argv[10]; | 97 | char *argv[10]; |
98 | 98 | ||
99 | /* Child. Permanently give up superuser privileges. */ | 99 | /* Child. Permanently give up superuser privileges. */ |
100 | seteuid(original_real_uid); | 100 | permanently_set_uid(getpwuid(original_real_uid)); |
101 | setuid(original_real_uid); | ||
102 | 101 | ||
103 | /* Redirect stdin and stdout. */ | 102 | /* Redirect stdin and stdout. */ |
104 | close(pin[1]); | 103 | close(pin[1]); |
diff --git a/sshconnect.h b/sshconnect.h index 3786ba56e..692d27567 100644 --- a/sshconnect.h +++ b/sshconnect.h | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect.h,v 1.19 2006/03/25 22:22:43 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect.h,v 1.20 2006/06/06 10:20:20 markus Exp $ */ |
2 | 2 | ||
3 | /* | 3 | /* |
4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 4 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
@@ -54,16 +54,20 @@ int ssh_local_cmd(const char *); | |||
54 | /* | 54 | /* |
55 | * Macros to raise/lower permissions. | 55 | * Macros to raise/lower permissions. |
56 | */ | 56 | */ |
57 | #define PRIV_START do { \ | 57 | #define PRIV_START do { \ |
58 | int save_errno = errno; \ | 58 | int save_errno = errno; \ |
59 | (void)seteuid(original_effective_uid); \ | 59 | if (seteuid(original_effective_uid) != 0) \ |
60 | errno = save_errno; \ | 60 | fatal("PRIV_START: seteuid: %s", \ |
61 | strerror(errno)); \ | ||
62 | errno = save_errno; \ | ||
61 | } while (0) | 63 | } while (0) |
62 | 64 | ||
63 | #define PRIV_END do { \ | 65 | #define PRIV_END do { \ |
64 | int save_errno = errno; \ | 66 | int save_errno = errno; \ |
65 | (void)seteuid(original_real_uid); \ | 67 | if (seteuid(original_real_uid) != 0) \ |
66 | errno = save_errno; \ | 68 | fatal("PRIV_END: seteuid: %s", \ |
69 | strerror(errno)); \ | ||
70 | errno = save_errno; \ | ||
67 | } while (0) | 71 | } while (0) |
68 | 72 | ||
69 | #endif | 73 | #endif |
diff --git a/sshconnect2.c b/sshconnect2.c index 53cf25762..c97738c7b 100644 --- a/sshconnect2.c +++ b/sshconnect2.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */ | 1 | /* $OpenBSD: sshconnect2.c,v 1.154 2006/06/06 10:20:20 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | 3 | * Copyright (c) 2000 Markus Friedl. All rights reserved. |
4 | * | 4 | * |
@@ -53,6 +53,7 @@ | |||
53 | #include "canohost.h" | 53 | #include "canohost.h" |
54 | #include "msg.h" | 54 | #include "msg.h" |
55 | #include "pathnames.h" | 55 | #include "pathnames.h" |
56 | #include "uidswap.h" | ||
56 | 57 | ||
57 | #ifdef GSSAPI | 58 | #ifdef GSSAPI |
58 | #include "ssh-gss.h" | 59 | #include "ssh-gss.h" |
@@ -1252,8 +1253,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, | |||
1252 | return -1; | 1253 | return -1; |
1253 | } | 1254 | } |
1254 | if (pid == 0) { | 1255 | if (pid == 0) { |
1255 | seteuid(getuid()); | 1256 | permanently_set_uid(getpwuid(getuid())); |
1256 | setuid(getuid()); | ||
1257 | close(from[0]); | 1257 | close(from[0]); |
1258 | if (dup2(from[1], STDOUT_FILENO) < 0) | 1258 | if (dup2(from[1], STDOUT_FILENO) < 0) |
1259 | fatal("ssh_keysign: dup2: %s", strerror(errno)); | 1259 | fatal("ssh_keysign: dup2: %s", strerror(errno)); |
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */ | 1 | /* $OpenBSD: uidswap.c,v 1.28 2006/06/06 10:20:20 markus Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -169,6 +169,8 @@ permanently_set_uid(struct passwd *pw) | |||
169 | uid_t old_uid = getuid(); | 169 | uid_t old_uid = getuid(); |
170 | gid_t old_gid = getgid(); | 170 | gid_t old_gid = getgid(); |
171 | 171 | ||
172 | if (pw == NULL) | ||
173 | fatal("permanently_set_uid: no user given"); | ||
172 | if (temporarily_use_uid_effective) | 174 | if (temporarily_use_uid_effective) |
173 | fatal("permanently_set_uid: temporarily_use_uid effective"); | 175 | fatal("permanently_set_uid: temporarily_use_uid effective"); |
174 | debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, | 176 | debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, |