diff options
| author | Damien Miller <djm@mindrot.org> | 2002-09-04 16:50:06 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-09-04 16:50:06 +1000 |
| commit | 50b9a60082171c12deed0d52f47c03bdc75d8cb4 (patch) | |
| tree | e321e91bb15fcd624239b7c8b79b9e3a2eba348f | |
| parent | 9b1dacdf2cc18aa150bc2a293e7180db79103f9a (diff) | |
- stevesk@cvs.openbsd.org 2002/08/29 19:49:42
[ssh.c]
shrink initial privilege bracket for setuid case; ok markus@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | ssh.c | 20 |
2 files changed, 14 insertions, 11 deletions
| @@ -48,6 +48,9 @@ | |||
| 48 | - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 | 48 | - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 |
| 49 | [ssh_config.5] | 49 | [ssh_config.5] |
| 50 | more on UsePrivilegedPort and setuid root; ok markus@ | 50 | more on UsePrivilegedPort and setuid root; ok markus@ |
| 51 | - stevesk@cvs.openbsd.org 2002/08/29 19:49:42 | ||
| 52 | [ssh.c] | ||
| 53 | shrink initial privilege bracket for setuid case; ok markus@ | ||
| 51 | 54 | ||
| 52 | 20020820 | 55 | 20020820 |
| 53 | - OpenBSD CVS Sync | 56 | - OpenBSD CVS Sync |
| @@ -1589,4 +1592,4 @@ | |||
| 1589 | - (stevesk) entropy.c: typo in debug message | 1592 | - (stevesk) entropy.c: typo in debug message |
| 1590 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1593 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 1591 | 1594 | ||
| 1592 | $Id: ChangeLog,v 1.2440 2002/09/04 06:47:35 djm Exp $ | 1595 | $Id: ChangeLog,v 1.2441 2002/09/04 06:50:06 djm Exp $ |
| @@ -40,7 +40,7 @@ | |||
| 40 | */ | 40 | */ |
| 41 | 41 | ||
| 42 | #include "includes.h" | 42 | #include "includes.h" |
| 43 | RCSID("$OpenBSD: ssh.c,v 1.183 2002/08/29 16:02:54 stevesk Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.184 2002/08/29 19:49:42 stevesk Exp $"); |
| 44 | 44 | ||
| 45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
| 46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
| @@ -228,6 +228,15 @@ main(int ac, char **av) | |||
| 228 | */ | 228 | */ |
| 229 | original_real_uid = getuid(); | 229 | original_real_uid = getuid(); |
| 230 | original_effective_uid = geteuid(); | 230 | original_effective_uid = geteuid(); |
| 231 | |||
| 232 | /* | ||
| 233 | * Use uid-swapping to give up root privileges for the duration of | ||
| 234 | * option processing. We will re-instantiate the rights when we are | ||
| 235 | * ready to create the privileged port, and will permanently drop | ||
| 236 | * them when the port has been created (actually, when the connection | ||
| 237 | * has been made, as we may need to create the port several times). | ||
| 238 | */ | ||
| 239 | PRIV_END; | ||
| 231 | 240 | ||
| 232 | #ifdef HAVE_SETRLIMIT | 241 | #ifdef HAVE_SETRLIMIT |
| 233 | /* If we are installed setuid root be careful to not drop core. */ | 242 | /* If we are installed setuid root be careful to not drop core. */ |
| @@ -248,15 +257,6 @@ main(int ac, char **av) | |||
| 248 | pw = pwcopy(pw); | 257 | pw = pwcopy(pw); |
| 249 | 258 | ||
| 250 | /* | 259 | /* |
| 251 | * Use uid-swapping to give up root privileges for the duration of | ||
| 252 | * option processing. We will re-instantiate the rights when we are | ||
| 253 | * ready to create the privileged port, and will permanently drop | ||
| 254 | * them when the port has been created (actually, when the connection | ||
| 255 | * has been made, as we may need to create the port several times). | ||
| 256 | */ | ||
| 257 | PRIV_END; | ||
| 258 | |||
| 259 | /* | ||
| 260 | * Set our umask to something reasonable, as some files are created | 260 | * Set our umask to something reasonable, as some files are created |
| 261 | * with the default umask. This will make them world-readable but | 261 | * with the default umask. This will make them world-readable but |
| 262 | * writable only by the owner, which is ok for all files for which we | 262 | * writable only by the owner, which is ok for all files for which we |