diff options
| author | Damien Miller <djm@mindrot.org> | 2001-09-15 21:12:49 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2001-09-15 21:12:49 +1000 |
| commit | ebf989e601a137d2c2dd489a614c7ba54b6fc910 (patch) | |
| tree | 06093961121682e71af1bece0fda514bd8910053 /sshd.c | |
| parent | ba6f9f9e492705d85001426d535bd3ff5b8dc46c (diff) | |
- (djm) Clear supplemental groups at sshd start to prevent them from
being propogated to random PAM modules. Based on patch from Redhat via
Pekka Savola <pekkas@netcore.fi>
Diffstat (limited to 'sshd.c')
| -rw-r--r-- | sshd.c | 4 |
1 files changed, 4 insertions, 0 deletions
| @@ -782,6 +782,10 @@ main(int ac, char **av) | |||
| 782 | log_stderr = 1; | 782 | log_stderr = 1; |
| 783 | log_init(__progname, options.log_level, options.log_facility, log_stderr); | 783 | log_init(__progname, options.log_level, options.log_facility, log_stderr); |
| 784 | 784 | ||
| 785 | /* Make supp. groups don't get propogated to PAM modules */ | ||
| 786 | if (setgroups(0, NULL) < 0) | ||
| 787 | fatal("setgroups() failed: %.200s", strerror(errno)); | ||
| 788 | |||
| 785 | /* | 789 | /* |
| 786 | * If not in debugging mode, and not started from inetd, disconnect | 790 | * If not in debugging mode, and not started from inetd, disconnect |
| 787 | * from the controlling terminal, and fork. The original process | 791 | * from the controlling terminal, and fork. The original process |