diff options
| author | Damien Miller <djm@mindrot.org> | 2002-05-10 12:20:24 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-05-10 12:20:24 +1000 |
| commit | 87aea25f1ac7caf3a788f17c62164c0103ec3d35 (patch) | |
| tree | 6bfcb117b35f08e33eeebf4c586ed490d3633afe | |
| parent | cfe4a89eef91939ef865d6d25ecdc39fb87e8b5f (diff) | |
- (djm) Try to drop supplemental groups at daemon startup. Patch from
RedHat
| -rw-r--r-- | ChangeLog | 4 | ||||
| -rw-r--r-- | sshd.c | 10 |
2 files changed, 13 insertions, 1 deletions
| @@ -2,6 +2,8 @@ | |||
| 2 | - (djm) Rework RedHat RPM files. Based on spec from Nalin | 2 | - (djm) Rework RedHat RPM files. Based on spec from Nalin |
| 3 | Dahyabhai <nalin@redhat.com> and patches from | 3 | Dahyabhai <nalin@redhat.com> and patches from |
| 4 | Pekka Savola <pekkas@netcore.fi> | 4 | Pekka Savola <pekkas@netcore.fi> |
| 5 | - (djm) Try to drop supplemental groups at daemon startup. Patch from | ||
| 6 | RedHat | ||
| 5 | 7 | ||
| 6 | 20020509 | 8 | 20020509 |
| 7 | - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep | 9 | - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep |
| @@ -553,4 +555,4 @@ | |||
| 553 | - (stevesk) entropy.c: typo in debug message | 555 | - (stevesk) entropy.c: typo in debug message |
| 554 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 556 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 555 | 557 | ||
| 556 | $Id: ChangeLog,v 1.2101 2002/05/10 02:19:23 djm Exp $ | 558 | $Id: ChangeLog,v 1.2102 2002/05/10 02:20:24 djm Exp $ |
| @@ -1005,6 +1005,16 @@ main(int ac, char **av) | |||
| 1005 | if (test_flag) | 1005 | if (test_flag) |
| 1006 | exit(0); | 1006 | exit(0); |
| 1007 | 1007 | ||
| 1008 | /* | ||
| 1009 | * Clear out any supplemental groups we may have inherited. This | ||
| 1010 | * prevents inadvertent creation of files with bad modes (in the | ||
| 1011 | * portable version at least, it's certainly possible for PAM | ||
| 1012 | * to create a file, and we can't control the code in every | ||
| 1013 | * module which might be used). | ||
| 1014 | */ | ||
| 1015 | if (setgroups(0, NULL) < 0) | ||
| 1016 | debug("setgroups() failed: %.200s", strerror(errno)); | ||
| 1017 | |||
| 1008 | /* Initialize the log (it is reinitialized below in case we forked). */ | 1018 | /* Initialize the log (it is reinitialized below in case we forked). */ |
| 1009 | if (debug_flag && !inetd_flag) | 1019 | if (debug_flag && !inetd_flag) |
| 1010 | log_stderr = 1; | 1020 | log_stderr = 1; |