diff options
| author | Damien Miller <djm@mindrot.org> | 2000-11-25 10:09:32 +1100 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2000-11-25 10:09:32 +1100 |
| commit | d592b632968fbec154c81b93c99b283200b257b6 (patch) | |
| tree | 71ca03cc13c1871946c317662d77dacbc5e37d02 | |
| parent | 14920293713ff4a5bbe45b495694bfd925d73894 (diff) | |
give up privs when reading seed file
| -rw-r--r-- | ChangeLog | 3 | ||||
| -rw-r--r-- | entropy.c | 14 |
2 files changed, 16 insertions, 1 deletions
| @@ -1,3 +1,6 @@ | |||
| 1 | 20001125 | ||
| 2 | - (djm) Give up privs when reading seed file | ||
| 3 | |||
| 1 | 20001123 | 4 | 20001123 |
| 2 | - (bal) Merge OpenBSD changes: | 5 | - (bal) Merge OpenBSD changes: |
| 3 | - markus@cvs.openbsd.org 2000/11/15 22:31:36 | 6 | - markus@cvs.openbsd.org 2000/11/15 22:31:36 |
| @@ -35,7 +35,7 @@ | |||
| 35 | # include <floatingpoint.h> | 35 | # include <floatingpoint.h> |
| 36 | #endif /* HAVE_FLOATINGPOINT_H */ | 36 | #endif /* HAVE_FLOATINGPOINT_H */ |
| 37 | 37 | ||
| 38 | RCSID("$Id: entropy.c,v 1.21 2000/10/16 09:13:43 djm Exp $"); | 38 | RCSID("$Id: entropy.c,v 1.22 2000/11/24 23:09:32 djm Exp $"); |
| 39 | 39 | ||
| 40 | #ifndef offsetof | 40 | #ifndef offsetof |
| 41 | # define offsetof(type, member) ((size_t) &((type *)0)->member) | 41 | # define offsetof(type, member) ((size_t) &((type *)0)->member) |
| @@ -798,7 +798,10 @@ seed_rng(void) | |||
| 798 | 798 | ||
| 799 | void init_rng(void) | 799 | void init_rng(void) |
| 800 | { | 800 | { |
| 801 | int original_euid; | ||
| 802 | |||
| 801 | original_uid = getuid(); | 803 | original_uid = getuid(); |
| 804 | original_euid = geteuid(); | ||
| 802 | 805 | ||
| 803 | /* Read in collection commands */ | 806 | /* Read in collection commands */ |
| 804 | if (!prng_read_commands(SSH_PRNG_COMMAND_FILE)) | 807 | if (!prng_read_commands(SSH_PRNG_COMMAND_FILE)) |
| @@ -806,7 +809,16 @@ void init_rng(void) | |||
| 806 | 809 | ||
| 807 | /* Set ourselves up to save a seed upon exit */ | 810 | /* Set ourselves up to save a seed upon exit */ |
| 808 | prng_seed_saved = 0; | 811 | prng_seed_saved = 0; |
| 812 | |||
| 813 | /* Give up privs while reading seed file */ | ||
| 814 | if ((original_uid != original_euid) && (seteuid(original_uid) == -1)) | ||
| 815 | fatal("Couldn't give up privileges"); | ||
| 816 | |||
| 809 | prng_read_seedfile(); | 817 | prng_read_seedfile(); |
| 818 | |||
| 819 | if ((original_uid != original_euid) && (seteuid(original_euid) == -1)) | ||
| 820 | fatal("Couldn't restore privileges"); | ||
| 821 | |||
| 810 | fatal_add_cleanup(prng_seed_cleanup, NULL); | 822 | fatal_add_cleanup(prng_seed_cleanup, NULL); |
| 811 | atexit(prng_write_seedfile); | 823 | atexit(prng_write_seedfile); |
| 812 | 824 | ||