summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authordjm@openbsd.org <djm@openbsd.org>2015-11-16 22:51:05 +0000
committerDamien Miller <djm@mindrot.org>2015-11-17 11:22:14 +1100
commit5b4010d9b923cf1b46c9c7b1887c013c2967e204 (patch)
treea07af51c808c445f6329a2adb503d1193006d853
parent3a9f84b58b0534bbb485f1eeab75665e2d03371f (diff)
upstream commit
always call privsep_preauth_child() regardless of whether sshd was started by root; it does important priming before sandboxing and failing to call it could result in sandbox violations later; ok markus@ Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383
-rw-r--r--sshd.c42
1 files changed, 19 insertions, 23 deletions
diff --git a/sshd.c b/sshd.c
index b19cc34c7..a823999b3 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: sshd.c,v 1.459 2015/09/04 08:21:47 dtucker Exp $ */ 1/* $OpenBSD: sshd.c,v 1.460 2015/11/16 22:51:05 djm Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -632,25 +632,23 @@ privsep_preauth_child(void)
632 /* Demote the private keys to public keys. */ 632 /* Demote the private keys to public keys. */
633 demote_sensitive_data(); 633 demote_sensitive_data();
634 634
635 /* Change our root directory */ 635 /* Demote the child */
636 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) 636 if (getuid() == 0 || geteuid() == 0) {
637 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, 637 /* Change our root directory */
638 strerror(errno)); 638 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
639 if (chdir("/") == -1) 639 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
640 fatal("chdir(\"/\"): %s", strerror(errno)); 640 strerror(errno));
641 641 if (chdir("/") == -1)
642 /* Drop our privileges */ 642 fatal("chdir(\"/\"): %s", strerror(errno));
643 debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, 643
644 (u_int)privsep_pw->pw_gid); 644 /* Drop our privileges */
645#if 0 645 debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
646 /* XXX not ready, too heavy after chroot */ 646 (u_int)privsep_pw->pw_gid);
647 do_setusercontext(privsep_pw); 647 gidset[0] = privsep_pw->pw_gid;
648#else 648 if (setgroups(1, gidset) < 0)
649 gidset[0] = privsep_pw->pw_gid; 649 fatal("setgroups: %.100s", strerror(errno));
650 if (setgroups(1, gidset) < 0) 650 permanently_set_uid(privsep_pw);
651 fatal("setgroups: %.100s", strerror(errno)); 651 }
652 permanently_set_uid(privsep_pw);
653#endif
654} 652}
655 653
656static int 654static int
@@ -716,9 +714,7 @@ privsep_preauth(Authctxt *authctxt)
716 /* Arrange for logging to be sent to the monitor */ 714 /* Arrange for logging to be sent to the monitor */
717 set_log_handler(mm_log_handler, pmonitor); 715 set_log_handler(mm_log_handler, pmonitor);
718 716
719 /* Demote the child */ 717 privsep_preauth_child();
720 if (getuid() == 0 || geteuid() == 0)
721 privsep_preauth_child();
722 setproctitle("%s", "[net]"); 718 setproctitle("%s", "[net]");
723 if (box != NULL) 719 if (box != NULL)
724 ssh_sandbox_child(box); 720 ssh_sandbox_child(box);