author | Ben Lindstrom <mouring@eviladmin.org> | 2002-05-15 16:17:56 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-05-15 16:17:56 +0000 |
commit | 17401b6b772213ae466cb3ac287b4980ff9f7d0d (patch) | |
tree | 8dde6c72117e92007bbfd4ae6f7d17eecb309b35 /sshd.c | |
parent | a574cda45b5d3c3363520ef9e4aa3aaa5888c078 (diff) |
- millert@cvs.openbsd.org 2002/05/13 15:53:19
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 10 |
1 files changed, 9 insertions, 1 deletions
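--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.240 2002/04/23 22:16:29 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.241 2002/05/13 15:53:19 millert Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1332,6 +1332,14 @@ main(int ac, char **av)
 /* This is the child processing a new connection. */
 
 /*
+* Create a new session and process group since the 4.4BSD
+* setlogin() affects the entire process group. We don't
+* want the child to be able to affect the parent.
+*/
+if (setsid() < 0)
+error("setsid: %.100s", strerror(errno));
+
+/*
 * Disable the key regeneration alarm. We will not regenerate the
 * key since we are no longer in a position to give it to anyone. We
 * will not restart on SIGHUP since it no longer makes sense.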
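Review bot: The added `if (setsid() < 0)` check only logs through `error()` and lets the child continue, so when the call fails the child stays in the listener's session and the later `setlogin()` described in the commit message can still change the login name the parent sees. The comment should say why continuing is acceptable, for example `* A failure is logged but not fatal: <reason the child may safely stay in the parent's session>.`, or the forked case should stop with `fatal("setsid: %.100s", strerror(errno));`. setsid() fails with EPERM when the caller is already a process group leader, so if this code is also reached without a fork, that case would have to be excluded before making the failure fatal. main() starts and ends outside the hunk, so the hunk does not show which paths reach this point.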