diff options
| author | Damien Miller <djm@mindrot.org> | 2002-09-12 09:51:10 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2002-09-12 09:51:10 +1000 |
| commit | 538f1819d8fb22c7e3b3a5ee99c406f296c86335 (patch) | |
| tree | 5a233c3a4ba0ee117ea0648e48c3bb293ed277ad | |
| parent | a10f56151b24ce677c2c93440d723597410229d5 (diff) | |
- markus@cvs.openbsd.org 2002/09/10 20:24:47
[ssh-agent.c]
check the euid of the connecting process with getpeereid(2);
ok provos deraadt stevesk
| -rw-r--r-- | ChangeLog | 6 | ||||
| -rw-r--r-- | ssh-agent.c | 17 |
2 files changed, 21 insertions, 2 deletions
| @@ -11,6 +11,10 @@ | |||
| 11 | - markus@cvs.openbsd.org 2002/09/09 14:54:15 | 11 | - markus@cvs.openbsd.org 2002/09/09 14:54:15 |
| 12 | [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] | 12 | [channels.c kex.h key.c monitor.c monitor_wrap.c radix.c uuencode.c] |
| 13 | signed vs unsigned from -pedantic; ok henning@ | 13 | signed vs unsigned from -pedantic; ok henning@ |
| 14 | - markus@cvs.openbsd.org 2002/09/10 20:24:47 | ||
| 15 | [ssh-agent.c] | ||
| 16 | check the euid of the connecting process with getpeereid(2); | ||
| 17 | ok provos deraadt stevesk | ||
| 14 | 18 | ||
| 15 | 20020911 | 19 | 20020911 |
| 16 | - (djm) Sync openbsd-compat with OpenBSD -current | 20 | - (djm) Sync openbsd-compat with OpenBSD -current |
| @@ -1631,4 +1635,4 @@ | |||
| 1631 | - (stevesk) entropy.c: typo in debug message | 1635 | - (stevesk) entropy.c: typo in debug message |
| 1632 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1636 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 1633 | 1637 | ||
| 1634 | $Id: ChangeLog,v 1.2454 2002/09/11 23:49:15 djm Exp $ | 1638 | $Id: ChangeLog,v 1.2455 2002/09/11 23:51:10 djm Exp $ |
diff --git a/ssh-agent.c b/ssh-agent.c index 0bfef4dce..312f2269d 100644 --- a/ssh-agent.c +++ b/ssh-agent.c | |||
| @@ -35,7 +35,7 @@ | |||
| 35 | 35 | ||
| 36 | #include "includes.h" | 36 | #include "includes.h" |
| 37 | #include "openbsd-compat/fake-queue.h" | 37 | #include "openbsd-compat/fake-queue.h" |
| 38 | RCSID("$OpenBSD: ssh-agent.c,v 1.102 2002/08/22 20:57:19 stevesk Exp $"); | 38 | RCSID("$OpenBSD: ssh-agent.c,v 1.103 2002/09/10 20:24:47 markus Exp $"); |
| 39 | 39 | ||
| 40 | #include <openssl/evp.h> | 40 | #include <openssl/evp.h> |
| 41 | #include <openssl/md5.h> | 41 | #include <openssl/md5.h> |
| @@ -810,6 +810,8 @@ after_select(fd_set *readset, fd_set *writeset) | |||
| 810 | char buf[1024]; | 810 | char buf[1024]; |
| 811 | int len, sock; | 811 | int len, sock; |
| 812 | u_int i; | 812 | u_int i; |
| 813 | uid_t euid; | ||
| 814 | gid_t egid; | ||
| 813 | 815 | ||
| 814 | for (i = 0; i < sockets_alloc; i++) | 816 | for (i = 0; i < sockets_alloc; i++) |
| 815 | switch (sockets[i].type) { | 817 | switch (sockets[i].type) { |
| @@ -825,6 +827,19 @@ after_select(fd_set *readset, fd_set *writeset) | |||
| 825 | strerror(errno)); | 827 | strerror(errno)); |
| 826 | break; | 828 | break; |
| 827 | } | 829 | } |
| 830 | if (getpeereid(sock, &euid, &egid) < 0) { | ||
| 831 | error("getpeereid %d failed: %s", | ||
| 832 | sock, strerror(errno)); | ||
| 833 | close(sock); | ||
| 834 | break; | ||
| 835 | } | ||
| 836 | if (getuid() != euid) { | ||
| 837 | error("uid mismatch: " | ||
| 838 | "peer euid %d != uid %d", | ||
| 839 | (int) euid, (int) getuid()); | ||
| 840 | close(sock); | ||
| 841 | break; | ||
| 842 | } | ||
| 828 | new_socket(AUTH_CONNECTION, sock); | 843 | new_socket(AUTH_CONNECTION, sock); |
| 829 | } | 844 | } |
| 830 | break; | 845 | break; |