diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-25 23:24:18 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-25 23:24:18 +0000 |
| commit | fbcc3f71f24cf92fecc0bd51ec70271e5488e908 (patch) | |
| tree | 54d70391bf5029971a39c6a2d104f88e220dc1d6 | |
| parent | 6398a0ef12139ad40a63a6dda82a7847919f8c34 (diff) | |
- markus@cvs.openbsd.org 2002/06/25 18:51:04
[sshd.c]
lightweight do_setusercontext after chroot()
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | sshd.c | 13 |
2 files changed, 16 insertions, 2 deletions
| @@ -22,6 +22,9 @@ | |||
| 22 | - markus@cvs.openbsd.org 2002/06/25 16:22:42 | 22 | - markus@cvs.openbsd.org 2002/06/25 16:22:42 |
| 23 | [authfd.c] | 23 | [authfd.c] |
| 24 | unnecessary cast | 24 | unnecessary cast |
| 25 | - markus@cvs.openbsd.org 2002/06/25 18:51:04 | ||
| 26 | [sshd.c] | ||
| 27 | lightweight do_setusercontext after chroot() | ||
| 25 | 28 | ||
| 26 | 20020625 | 29 | 20020625 |
| 27 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh | 30 | - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh |
| @@ -1121,4 +1124,4 @@ | |||
| 1121 | - (stevesk) entropy.c: typo in debug message | 1124 | - (stevesk) entropy.c: typo in debug message |
| 1122 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ | 1125 | - (djm) ssh-keygen -i needs seeded RNG; report from markus@ |
| 1123 | 1126 | ||
| 1124 | $Id: ChangeLog,v 1.2280 2002/06/25 23:22:54 mouring Exp $ | 1127 | $Id: ChangeLog,v 1.2281 2002/06/25 23:24:18 mouring Exp $ |
| @@ -42,7 +42,7 @@ | |||
| 42 | */ | 42 | */ |
| 43 | 43 | ||
| 44 | #include "includes.h" | 44 | #include "includes.h" |
| 45 | RCSID("$OpenBSD: sshd.c,v 1.250 2002/06/23 10:29:52 deraadt Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $"); |
| 46 | 46 | ||
| 47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
| 48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
| @@ -530,6 +530,7 @@ static void | |||
| 530 | privsep_preauth_child(void) | 530 | privsep_preauth_child(void) |
| 531 | { | 531 | { |
| 532 | u_int32_t rand[256]; | 532 | u_int32_t rand[256]; |
| 533 | gid_t gidset[2]; | ||
| 533 | struct passwd *pw; | 534 | struct passwd *pw; |
| 534 | int i; | 535 | int i; |
| 535 | 536 | ||
| @@ -559,7 +560,17 @@ privsep_preauth_child(void) | |||
| 559 | /* Drop our privileges */ | 560 | /* Drop our privileges */ |
| 560 | debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, | 561 | debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, |
| 561 | (u_int)pw->pw_gid); | 562 | (u_int)pw->pw_gid); |
| 563 | #if 0 | ||
| 564 | /* XXX not ready, to heavy after chroot */ | ||
| 562 | do_setusercontext(pw); | 565 | do_setusercontext(pw); |
| 566 | #else | ||
| 567 | gidset[0] = pw->pw_gid; | ||
| 568 | if (setgid(pw->pw_gid) < 0) | ||
| 569 | fatal("setgid failed for %u", pw->pw_gid ); | ||
| 570 | if (setgroups(1, gidset) < 0) | ||
| 571 | fatal("setgroups: %.100s", strerror(errno)); | ||
| 572 | permanently_set_uid(pw); | ||
| 573 | #endif | ||
| 563 | } | 574 | } |
| 564 | 575 | ||
| 565 | static Authctxt* | 576 | static Authctxt* |