- markus@cvs.openbsd.org 2002/06/25 18:51:04

[sshd.c] lightweight do_setusercontext after chroot()
author: Ben Lindstrom <mouring@eviladmin.org> 2002-06-25 23:24:18 +0000
committer: Ben Lindstrom <mouring@eviladmin.org> 2002-06-25 23:24:18 +0000
commit: fbcc3f71f24cf92fecc0bd51ec70271e5488e908 (patch)
tree: 54d70391bf5029971a39c6a2d104f88e220dc1d6 /sshd.c
parent: 6398a0ef12139ad40a63a6dda82a7847919f8c34 (diff)
1 files changed, 12 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index 18df8ab8f..851fad4be 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.250 2002/06/23 10:29:52 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -530,6 +530,7 @@ static void
 privsep_preauth_child(void)
 {
        u_int32_t rand[256];
+        gid_t gidset[2];
        struct passwd *pw;
        int i;
@@ -559,7 +560,17 @@ privsep_preauth_child(void)
        /* Drop our privileges */
        debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
            (u_int)pw->pw_gid);
+#if 0
+        /* XXX not ready, to heavy after chroot */
        do_setusercontext(pw);
+#else
+        gidset[0] = pw->pw_gid;
+        if (setgid(pw->pw_gid) < 0)
+                fatal("setgid failed for %u", pw->pw_gid );
+        if (setgroups(1, gidset) < 0)
+                fatal("setgroups: %.100s", strerror(errno));
+        permanently_set_uid(pw);
+#endif
 }
 static Authctxt*
author	Ben Lindstrom <mouring@eviladmin.org>	2002-06-25 23:24:18 +0000
committer	Ben Lindstrom <mouring@eviladmin.org>	2002-06-25 23:24:18 +0000
commit	fbcc3f71f24cf92fecc0bd51ec70271e5488e908 (patch)
tree	54d70391bf5029971a39c6a2d104f88e220dc1d6 /sshd.c
parent	6398a0ef12139ad40a63a6dda82a7847919f8c34 (diff)