authordtucker@openbsd.org <dtucker@openbsd.org>2018-07-18 11:34:04 +0000
committerDamien Miller <djm@mindrot.org>2018-07-19 21:41:42 +1000
commit258dc8bb07dfb35a46e52b0822a2c5b7027df60a (patch)
tree0076c7e0f10f5f525efbd9f7499e5707203b743f /sshconnect.c
parentac590760b251506b0a152551abbf8e8d6dc2f527 (diff)
upstream: Remove support for running ssh(1) setuid and fatal if
attempted. Do not link uidswap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@ OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42
Diffstat (limited to 'sshconnect.c')
-rw-r--r--sshconnect.c28
1 files changed, 3 insertions, 25 deletions
diff --git a/sshconnect.c b/sshconnect.c
index 2eaf020e0..9fa95e1e3 100644
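--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.300 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.301 2018/07/18 11:34:04 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -53,7 +53,6 @@
 #include "ssh.h"
 #include "sshbuf.h"
 #include "packet.h"
-#include "uidswap.h"
 #include "compat.h"
 #include "sshkey.h"
 #include "sshconnect.h"
@@ -130,9 +129,6 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port,
  if ((pid = fork()) == 0) {
  char *argv[10];
 
- /* Child. Permanently give up superuser privileges. */
- permanently_drop_suid(original_real_uid);
-
  close(sp[1]);
  /* Redirect stdin and stdout. */
  if (sp[0] != 0) {
@@ -212,9 +208,6 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port,
  if ((pid = fork()) == 0) {
  char *argv[10];
 
- /* Child. Permanently give up superuser privileges. */
- permanently_drop_suid(original_real_uid);
-
  /* Redirect stdin and stdout. */
  close(pin[1]);
  if (pin[0] != 0) {
@@ -342,7 +335,7 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs,
 static int
 ssh_create_socket(int privileged, struct addrinfo *ai)
 {
- int sock, r, oerrno;
+ int sock, r;
  struct sockaddr_storage bindaddr;
  socklen_t bindaddrlen = 0;
  struct addrinfo hints, *res = NULL;
@@ -409,22 +402,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
  ssh_gai_strerror(r));
  goto fail;
  }
- /*
- * If we are running as root and want to connect to a privileged
- * port, bind our own socket to a privileged port.
- */
- if (privileged) {
- PRIV_START;
- r = bindresvport_sa(sock,
- bindaddrlen == 0 ? NULL : (struct sockaddr *)&bindaddr);
- oerrno = errno;
- PRIV_END;
- if (r < 0) {
- error("bindresvport_sa %s: %s", ntop,
- strerror(oerrno));
- goto fail;
- }
- } else if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
+ if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
  error("bind %s: %s", ntop, strerror(errno));
  goto fail;
  }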
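Review bot: In the last hunk of ssh_create_socket, `bind()` is now called unconditionally with `bindaddrlen`, which is initialised to 0 at the top of the function, whereas the removed privileged branch handled that case explicitly with `bindaddrlen == 0 ? NULL : (struct sockaddr *)&bindaddr`. The `privileged` parameter is still in the signature, so a caller that passes it non-zero with no bind address configured would presumably reach `bind()` with a zero-length address and fail the connection rather than continue with an unbound socket. A guard such as `if (bindaddrlen != 0 && bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {` would keep that path harmless; alternatively drop the `privileged` argument so it can no longer steer control flow here. The code between the two ssh_create_socket hunks is outside the diff, so the earlier checks that decide whether this point is reached should be confirmed.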