Drop to the user's UID when reading user keys with -a.

author: Colin Watson <cjwatson@debian.org> 2008-05-26 09:48:06 +0000
committer: Colin Watson <cjwatson@debian.org> 2008-05-26 09:48:06 +0000
commit: 7487a077a410826fa48f6a1db33408831b48dd21 (patch)
tree: c5d31579c915770b43412085c42b8bfeed0e5f98
parent: 4233cfb1e92c2c436126bac2782b81e081286a02 (diff)
2 files changed, 4 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 609738ea1..01dcc41f4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -54,6 +54,7 @@ openssh (1:4.7p1-11) UNRELEASED; urgency=low
    - Fix some buffer handling inconsistencies.
    - Use xasprintf to build user key file names, avoiding truncation
      problems.
+    - Drop to the user's UID when reading user keys with -a.
 -- Colin Watson <cjwatson@debian.org>  Sat, 17 May 2008 08:48:45 +0200
diff --git a/ssh-vulnkey.c b/ssh-vulnkey.c
index 8e1f11f79..52667199c 100644
--- a/ssh-vulnkey.c
+++ b/ssh-vulnkey.c
@@ -41,6 +41,7 @@
 #include "key.h"
 #include "authfile.h"
 #include "pathnames.h"
+#include "uidswap.h"
 #include "misc.h"
 extern char *__progname;
@@ -330,8 +331,10 @@ main(int argc, char **argv)
                while ((pw = getpwent()) != NULL) {
                        if (pw->pw_dir) {
+                                temporarily_use_uid(pw);
                                if (!do_user(pw->pw_dir))
                                        ret = 0;
+                                restore_uid();
                        }
                }
        } else if (optind == argc) {
author	Colin Watson <cjwatson@debian.org>	2008-05-26 09:48:06 +0000
committer	Colin Watson <cjwatson@debian.org>	2008-05-26 09:48:06 +0000
commit	7487a077a410826fa48f6a1db33408831b48dd21 (patch)
tree	c5d31579c915770b43412085c42b8bfeed0e5f98
parent	4233cfb1e92c2c436126bac2782b81e081286a02 (diff)