diff options
| author | Damien Miller <djm@mindrot.org> | 2001-02-26 20:49:58 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2001-02-26 20:49:58 +1100 |
| commit | bb7c97620278ae97f52bbd50948734b6b355bcc2 (patch) | |
| tree | e1413fd72348ea50aaf57e9b9705f4e394b690f1 | |
| parent | 63941f9631b8316d57d54e0ef7484c66bb1c1b7d (diff) | |
- (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
Based on patch from Tim Rice <tim@multitalents.net>
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | acconfig.h | 5 | ||||
| -rw-r--r-- | configure.in | 5 | ||||
| -rw-r--r-- | entropy.c | 23 |
4 files changed, 33 insertions, 4 deletions
| @@ -1,5 +1,7 @@ | |||
| 1 | 20010226 | 1 | 20010226 |
| 2 | - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again. | 2 | - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again. |
| 3 | - (djm) Some systems (SCO3, NeXT) have weird saved uid semantics. | ||
| 4 | Based on patch from Tim Rice <tim@multitalents.net> | ||
| 3 | 5 | ||
| 4 | 20010225 | 6 | 20010225 |
| 5 | - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile | 7 | - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile |
| @@ -4129,4 +4131,4 @@ | |||
| 4129 | - Wrote replacements for strlcpy and mkdtemp | 4131 | - Wrote replacements for strlcpy and mkdtemp |
| 4130 | - Released 1.0pre1 | 4132 | - Released 1.0pre1 |
| 4131 | 4133 | ||
| 4132 | $Id: ChangeLog,v 1.822 2001/02/25 23:20:40 mouring Exp $ | 4134 | $Id: ChangeLog,v 1.823 2001/02/26 09:49:58 djm Exp $ |
diff --git a/acconfig.h b/acconfig.h index 01dfb4b6d..5617d8317 100644 --- a/acconfig.h +++ b/acconfig.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $Id: acconfig.h,v 1.103 2001/02/24 21:41:10 mouring Exp $ */ | 1 | /* $Id: acconfig.h,v 1.104 2001/02/26 09:49:59 djm Exp $ */ |
| 2 | 2 | ||
| 3 | #ifndef _CONFIG_H | 3 | #ifndef _CONFIG_H |
| 4 | #define _CONFIG_H | 4 | #define _CONFIG_H |
| @@ -296,6 +296,9 @@ | |||
| 296 | /* Define if X11 doesn't support AF_UNIX sockets on that system */ | 296 | /* Define if X11 doesn't support AF_UNIX sockets on that system */ |
| 297 | #undef NO_X11_UNIX_SOCKETS | 297 | #undef NO_X11_UNIX_SOCKETS |
| 298 | 298 | ||
| 299 | /* Needed for SCO and NeXT */ | ||
| 300 | #undef SAVED_IDS_WORK_WITH_SETEUID | ||
| 301 | |||
| 299 | @BOTTOM@ | 302 | @BOTTOM@ |
| 300 | 303 | ||
| 301 | /* ******************* Shouldn't need to edit below this line ************** */ | 304 | /* ******************* Shouldn't need to edit below this line ************** */ |
diff --git a/configure.in b/configure.in index 4ed1eb7c5..7f571bbdf 100644 --- a/configure.in +++ b/configure.in | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | # $Id: configure.in,v 1.253 2001/02/24 21:41:11 mouring Exp $ | 1 | # $Id: configure.in,v 1.254 2001/02/26 09:49:59 djm Exp $ |
| 2 | 2 | ||
| 3 | AC_INIT(ssh.c) | 3 | AC_INIT(ssh.c) |
| 4 | 4 | ||
| @@ -152,6 +152,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
| 152 | AC_DEFINE(HAVE_NEXT) | 152 | AC_DEFINE(HAVE_NEXT) |
| 153 | AC_DEFINE(BROKEN_REALPATH) | 153 | AC_DEFINE(BROKEN_REALPATH) |
| 154 | AC_DEFINE(USE_PIPES) | 154 | AC_DEFINE(USE_PIPES) |
| 155 | AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID) | ||
| 155 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" | 156 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" |
| 156 | CFLAGS="$CFLAGS" | 157 | CFLAGS="$CFLAGS" |
| 157 | ;; | 158 | ;; |
| @@ -238,6 +239,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
| 238 | AC_DEFINE(HAVE_SCO_PROTECTED_PW) | 239 | AC_DEFINE(HAVE_SCO_PROTECTED_PW) |
| 239 | AC_DEFINE(DISABLE_SHADOW) | 240 | AC_DEFINE(DISABLE_SHADOW) |
| 240 | AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) | 241 | AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) |
| 242 | AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID) | ||
| 241 | AC_CHECK_FUNCS(getluid setluid) | 243 | AC_CHECK_FUNCS(getluid setluid) |
| 242 | ;; | 244 | ;; |
| 243 | *-*-sco3.2v5*) | 245 | *-*-sco3.2v5*) |
| @@ -252,6 +254,7 @@ mips-sony-bsd|mips-sony-newsos4) | |||
| 252 | AC_DEFINE(HAVE_SCO_PROTECTED_PW) | 254 | AC_DEFINE(HAVE_SCO_PROTECTED_PW) |
| 253 | AC_DEFINE(DISABLE_SHADOW) | 255 | AC_DEFINE(DISABLE_SHADOW) |
| 254 | AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) | 256 | AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H) |
| 257 | AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID) | ||
| 255 | AC_CHECK_FUNCS(getluid setluid) | 258 | AC_CHECK_FUNCS(getluid setluid) |
| 256 | ;; | 259 | ;; |
| 257 | *-dec-osf*) | 260 | *-dec-osf*) |
| @@ -39,7 +39,7 @@ | |||
| 39 | #include "pathnames.h" | 39 | #include "pathnames.h" |
| 40 | #include "log.h" | 40 | #include "log.h" |
| 41 | 41 | ||
| 42 | RCSID("$Id: entropy.c,v 1.29 2001/02/18 11:34:32 stevesk Exp $"); | 42 | RCSID("$Id: entropy.c,v 1.30 2001/02/26 09:49:59 djm Exp $"); |
| 43 | 43 | ||
| 44 | #ifndef offsetof | 44 | #ifndef offsetof |
| 45 | # define offsetof(type, member) ((size_t) &((type *)0)->member) | 45 | # define offsetof(type, member) ((size_t) &((type *)0)->member) |
| @@ -825,13 +825,34 @@ void init_rng(void) | |||
| 825 | prng_seed_saved = 0; | 825 | prng_seed_saved = 0; |
| 826 | 826 | ||
| 827 | /* Give up privs while reading seed file */ | 827 | /* Give up privs while reading seed file */ |
| 828 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | ||
| 828 | if ((original_uid != original_euid) && (seteuid(original_uid) == -1)) | 829 | if ((original_uid != original_euid) && (seteuid(original_uid) == -1)) |
| 829 | fatal("Couldn't give up privileges"); | 830 | fatal("Couldn't give up privileges"); |
| 831 | #else /* SAVED_IDS_WORK_WITH_SETEUID */ | ||
| 832 | /* | ||
| 833 | * Propagate the privileged uid to all of our uids. | ||
| 834 | * Set the effective uid to the given (unprivileged) uid. | ||
| 835 | */ | ||
| 836 | if (original_uid != original_euid && setuid(original_euid) == -1 || | ||
| 837 | seteuid(original_uid) == -1) | ||
| 838 | fatal("Couldn't give up privileges"); | ||
| 839 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ | ||
| 830 | 840 | ||
| 831 | prng_read_seedfile(); | 841 | prng_read_seedfile(); |
| 832 | 842 | ||
| 843 | #ifdef SAVED_IDS_WORK_WITH_SETEUID | ||
| 833 | if ((original_uid != original_euid) && (seteuid(original_euid) == -1)) | 844 | if ((original_uid != original_euid) && (seteuid(original_euid) == -1)) |
| 834 | fatal("Couldn't restore privileges"); | 845 | fatal("Couldn't restore privileges"); |
| 846 | #else /* SAVED_IDS_WORK_WITH_SETEUID */ | ||
| 847 | /* | ||
| 848 | * We are unable to restore the real uid to its unprivileged value. | ||
| 849 | * Propagate the real uid (usually more privileged) to effective uid | ||
| 850 | * as well. | ||
| 851 | */ | ||
| 852 | if (original_uid != original_euid && seteuid(original_euid) == -1 || | ||
| 853 | setuid(original_uid) == -1) | ||
| 854 | fatal("Couldn't restore privileges"); | ||
| 855 | #endif /* SAVED_IDS_WORK_WITH_SETEUID */ | ||
| 835 | 856 | ||
| 836 | fatal_add_cleanup(prng_seed_cleanup, NULL); | 857 | fatal_add_cleanup(prng_seed_cleanup, NULL); |
| 837 | atexit(prng_write_seedfile); | 858 | atexit(prng_write_seedfile); |