diff options
author | Damien Miller <djm@mindrot.org> | 2002-09-04 16:50:06 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-09-04 16:50:06 +1000 |
commit | 50b9a60082171c12deed0d52f47c03bdc75d8cb4 (patch) | |
tree | e321e91bb15fcd624239b7c8b79b9e3a2eba348f | |
parent | 9b1dacdf2cc18aa150bc2a293e7180db79103f9a (diff) |
- stevesk@cvs.openbsd.org 2002/08/29 19:49:42
[ssh.c]
shrink initial privilege bracket for setuid case; ok markus@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | ssh.c | 20 |
2 files changed, 14 insertions, 11 deletions
@@ -48,6 +48,9 @@ | |||
48 | - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 | 48 | - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 |
49 | [ssh_config.5] | 49 | [ssh_config.5] |
50 | more on UsePrivilegedPort and setuid root; ok markus@ | 50 | more on UsePrivilegedPort and setuid root; ok markus@ |
51 | - stevesk@cvs.openbsd.org 2002/08/29 19:49:42 | ||
52 | [ssh.c] | ||
53 | shrink initial privilege bracket for setuid case; ok markus@ | ||
51 | 54 | ||
52 | 20020820 | 55 | 20020820 |
53 | - OpenBSD CVS Sync | 56 | - OpenBSD CVS Sync |
@@ -1589,4 +1592,4 @@ | |||
1589 | - (stevesk) entropy.c: typo in debug message | 1592 | - (stevesk) entropy.c: typo in debug message |
1590 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1593 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
1591 | 1594 | ||
1592 | $Id: ChangeLog,v 1.2440 2002/09/04 06:47:35 djm Exp $ | 1595 | $Id: ChangeLog,v 1.2441 2002/09/04 06:50:06 djm Exp $ |
@@ -40,7 +40,7 @@ | |||
40 | */ | 40 | */ |
41 | 41 | ||
42 | #include "includes.h" | 42 | #include "includes.h" |
43 | RCSID("$OpenBSD: ssh.c,v 1.183 2002/08/29 16:02:54 stevesk Exp $"); | 43 | RCSID("$OpenBSD: ssh.c,v 1.184 2002/08/29 19:49:42 stevesk Exp $"); |
44 | 44 | ||
45 | #include <openssl/evp.h> | 45 | #include <openssl/evp.h> |
46 | #include <openssl/err.h> | 46 | #include <openssl/err.h> |
@@ -228,6 +228,15 @@ main(int ac, char **av) | |||
228 | */ | 228 | */ |
229 | original_real_uid = getuid(); | 229 | original_real_uid = getuid(); |
230 | original_effective_uid = geteuid(); | 230 | original_effective_uid = geteuid(); |
231 | |||
232 | /* | ||
233 | * Use uid-swapping to give up root privileges for the duration of | ||
234 | * option processing. We will re-instantiate the rights when we are | ||
235 | * ready to create the privileged port, and will permanently drop | ||
236 | * them when the port has been created (actually, when the connection | ||
237 | * has been made, as we may need to create the port several times). | ||
238 | */ | ||
239 | PRIV_END; | ||
231 | 240 | ||
232 | #ifdef HAVE_SETRLIMIT | 241 | #ifdef HAVE_SETRLIMIT |
233 | /* If we are installed setuid root be careful to not drop core. */ | 242 | /* If we are installed setuid root be careful to not drop core. */ |
@@ -248,15 +257,6 @@ main(int ac, char **av) | |||
248 | pw = pwcopy(pw); | 257 | pw = pwcopy(pw); |
249 | 258 | ||
250 | /* | 259 | /* |
251 | * Use uid-swapping to give up root privileges for the duration of | ||
252 | * option processing. We will re-instantiate the rights when we are | ||
253 | * ready to create the privileged port, and will permanently drop | ||
254 | * them when the port has been created (actually, when the connection | ||
255 | * has been made, as we may need to create the port several times). | ||
256 | */ | ||
257 | PRIV_END; | ||
258 | |||
259 | /* | ||
260 | * Set our umask to something reasonable, as some files are created | 260 | * Set our umask to something reasonable, as some files are created |
261 | * with the default umask. This will make them world-readable but | 261 | * with the default umask. This will make them world-readable but |
262 | * writable only by the owner, which is ok for all files for which we | 262 | * writable only by the owner, which is ok for all files for which we |