- (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since

   it does the right thing on all platforms.  ok djm@

1 files changed, 6 insertions, 6 deletions

diff --git a/ssh-keysign.c b/ssh-keysign.c
index cf8b0c2d2..517655790 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -41,6 +41,7 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
 #include "canohost.h"
 #include "pathnames.h"
 #include "readconf.h"
+#include "uidswap.h"
 
 /* XXX readconf.c needs these */
 uid_t original_real_uid;
@@ -150,8 +151,11 @@ main(int argc, char **argv)
         key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
         key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
 
-        seteuid(getuid());
-        setuid(getuid());
+        if ((pw = getpwuid(getuid())) == NULL)
+                fatal("getpwuid failed");
+        pw = pwcopy(pw);
+
+        permanently_set_uid(pw);
 
         init_rng();
         seed_rng();
@@ -173,10 +177,6 @@ main(int argc, char **argv)
         if (key_fd[0] == -1 && key_fd[1] == -1)
                 fatal("could not open any host key");
 
-        if ((pw = getpwuid(getuid())) == NULL)
-                fatal("getpwuid failed");
-        pw = pwcopy(pw);
-
         SSLeay_add_all_algorithms();
         for (i = 0; i < 256; i++)
                 rnd[i] = arc4random();