authorDamien Miller <djm@mindrot.org>2003-06-02 19:09:48 +1000
committerDamien Miller <djm@mindrot.org>2003-06-02 19:09:48 +1000
commit61d3680acab4704db04b94983d0bc3ac1fbecd84 (patch)
tree2a70047a2b6d64590c11c6321952cbe9cde1208f
parentab2db41b6173565461b73f48e97d94ffe0ab9353 (diff)
- deraadt@cvs.openbsd.org 2003/05/29 16:58:45
[sshd.c uidswap.c] seteuid and setegid; markus ok
-rw-r--r--ChangeLog5
-rw-r--r--sshd.c6
-rw-r--r--uidswap.c6
3 files changed, 13 insertions, 4 deletions
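--- a/ChangeLog
+++ b/ChangeLog
@@ -12,6 +12,9 @@
  - djm@cvs.openbsd.org 2003/05/26 12:54:40
  [sshconnect.c]
  fix format strings; ok markus@
+ - deraadt@cvs.openbsd.org 2003/05/29 16:58:45
+ [sshd.c uidswap.c]
+ seteuid and setegid; markus ok
 
 20030530
  - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
@@ -1638,4 +1641,4 @@
  save auth method before monitor_reset_key_state(); bugzilla bug #284;
  ok provos@
 
-$Id: ChangeLog,v 1.2761 2003/06/02 09:09:13 djm Exp $
+$Id: ChangeLog,v 1.2762 2003/06/02 09:09:48 djm Exp $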
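--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.266 2003/05/24 09:30:40 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.267 2003/05/29 16:58:45 deraadt Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -564,8 +564,10 @@ privsep_preauth_child(void)
  do_setusercontext(pw);
 #else
  gidset[0] = pw->pw_gid;
+ if (setegid(pw->pw_gid) < 0)
+ fatal("setegid failed for %u", (u_int)pw->pw_gid);
  if (setgid(pw->pw_gid) < 0)
- fatal("setgid failed for %u", (u_int)pw->pw_gid );
+ fatal("setgid failed for %u", (u_int)pw->pw_gid);
  if (setgroups(1, gidset) < 0)
  fatal("setgroups: %.100s", strerror(errno));
  permanently_set_uid(pw);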
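Review bot: The new `fatal()` calls for `setegid` and `setgid` in the `#else` branch log only the gid and not the reason for the failure, while the `setgroups` call right below and the matching calls in uidswap.c include `strerror(errno)`. I would write `fatal("setegid failed for %u: %.100s", (u_int)pw->pw_gid, strerror(errno));` and the same for `setgid`, so a failed privilege drop in the pre-auth child can be diagnosed from the log. `setgroups(1, gidset)` also runs after the gid change and only works because the effective uid is still root at that point; a one-line comment saying so would guard against a later reorder. privsep_preauth_child starts and ends outside this hunk.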
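--- a/uidswap.c
+++ b/uidswap.c
@@ -12,7 +12,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.23 2002/07/15 17:15:31 stevesk Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.24 2003/05/29 16:58:45 deraadt Exp $");
 
 #include "log.h"
 #include "uidswap.h"
@@ -147,8 +147,12 @@ permanently_set_uid(struct passwd *pw)
  fatal("permanently_set_uid: temporarily_use_uid effective");
  debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
  (u_int)pw->pw_gid);
+ if (setegid(pw->pw_gid) < 0)
+ fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
  if (setgid(pw->pw_gid) < 0)
  fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
+ if (seteuid(pw->pw_uid) < 0)
+ fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
  if (setuid(pw->pw_uid) < 0)
  fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 }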
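Review bot: Calling `seteuid(pw->pw_uid)` before `setuid(pw->pw_uid)` in permanently_set_uid can leave the real and saved uids untouched on systems with POSIX saved-set-uid semantics (Linux is one), because there `setuid()` issued with a non-root effective uid changes only the effective uid. On BSD `setuid()` resets all three ids, so the order is harmless where the change originated, but this tree appears to target other platforms too (see the `#else` branch in sshd.c). The function should verify the drop after the last call, for example `if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("permanently_set_uid: uid not dropped");`, and also confirm that switching back to the previous uid fails; alternatively the `seteuid` step could be made conditional on the platform. The gid pair is not affected, since both gid calls run while the effective uid is still privileged. The start of the function lies outside the hunk.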