author | Damien Miller <djm@mindrot.org> | 2001-09-15 21:12:49 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2001-09-15 21:12:49 +1000 |
commit | ebf989e601a137d2c2dd489a614c7ba54b6fc910 (patch) | |
tree | 06093961121682e71af1bece0fda514bd8910053 | |
parent | ba6f9f9e492705d85001426d535bd3ff5b8dc46c (diff) |
- (djm) Clear supplemental groups at sshd start to prevent them from
being propagated to random PAM modules. Based on patch from Redhat via
Pekka Savola <pekkas@netcore.fi>
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | sshd.c | 4 |
2 files changed, 8 insertions, 1 deletions
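--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@
 Redhat
 - (djm) Redhat initscript config sanity checking from Pekka Savola
 <pekkas@netcore.fi>
+- (djm) Clear supplemental groups at sshd start to prevent them from
+being propogated to random PAM modules. Based on patch from Redhat via
+Pekka Savola <pekkas@netcore.fi>
 
 20010914
 - (bal) OpenBSD CVS Sync
@@ -6436,4 +6439,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
 
-$Id: ChangeLog,v 1.1518 2001/09/15 11:03:10 djm Exp $
+$Id: ChangeLog,v 1.1519 2001/09/15 11:12:49 djm Exp $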
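--- a/sshd.c
+++ b/sshd.c
@@ -782,6 +782,10 @@ main(int ac, char **av)
 log_stderr = 1;
 log_init(__progname, options.log_level, options.log_facility, log_stderr);
 
+/* Make supp. groups don't get propogated to PAM modules */
+if (setgroups(0, NULL) < 0)
+fatal("setgroups() failed: %.200s", strerror(errno));
+
 /*
 * If not in debugging mode, and not started from inetd, disconnect
 * from the controlling terminal, and fork. The original process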
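Review bot: The new `fatal()` on a failed `setgroups(0, NULL)` makes sshd exit whenever it is started without the privilege to change its group list, since the call fails with EPERM for an unprivileged process; if running sshd as a non-root user (for testing, say) is meant to keep working, restrict the hard failure to the privileged case, e.g. `if (geteuid() == 0 && setgroups(0, NULL) < 0)`. Failing closed when root cannot drop the inherited groups is the right behaviour and should stay. The comment also reads better as `/* Make sure inherited supplementary groups are not propagated to PAM modules */`. main() starts and ends outside this hunk, so whether an earlier root check exists cannot be seen here.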