-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | acconfig.h | 5 | ||||
-rw-r--r-- | configure.in | 5 | ||||
-rw-r--r-- | entropy.c | 23 |
4 files changed, 33 insertions, 4 deletions
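--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,7 @@
 20010226
 - (bal) Fixed bsd-snprinf.c so it now honors 'BROKEN_SNPRINTF' again.
+- (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
+Based on patch from Tim Rice <tim@multitalents.net>
 
 20010225
 - (djm) Use %{_libexecdir} rather than hardcoded path in RPM specfile
@@ -4129,4 +4131,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
 
-$Id: ChangeLog,v 1.822 2001/02/25 23:20:40 mouring Exp $
+$Id: ChangeLog,v 1.823 2001/02/26 09:49:58 djm Exp $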
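--- a/acconfig.h
+++ b/acconfig.h
@@ -1,4 +1,4 @@
-/* $Id: acconfig.h,v 1.103 2001/02/24 21:41:10 mouring Exp $ */
+/* $Id: acconfig.h,v 1.104 2001/02/26 09:49:59 djm Exp $ */
 
 #ifndef _CONFIG_H
 #define _CONFIG_H
@@ -296,6 +296,9 @@
 /* Define if X11 doesn't support AF_UNIX sockets on that system */
 #undef NO_X11_UNIX_SOCKETS
 
+/* Needed for SCO and NeXT */
+#undef SAVED_IDS_WORK_WITH_SETEUID
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */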
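Review bot: The sense of SAVED_IDS_WORK_WITH_SETEUID looks inverted relative to its name. The ChangeLog entry says SCO3 and NeXT have weird saved uid semantics, yet configure.in defines the macro for exactly those targets, and entropy.c uses `#ifdef SAVED_IDS_WORK_WITH_SETEUID` to keep the plain seteuid() toggle there while every other platform takes the new setuid()/seteuid() path. If only the listed platforms need the workaround, the test in entropy.c should be `#ifndef`, or the macro should be named for the broken case. If the code is as intended, the template comment should state what defining it means, for example `/* Define if seteuid() can drop and regain the saved set-user-ID */`, instead of only naming platforms. The same question applies to the three AC_DEFINE additions in configure.in.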
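--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-# $Id: configure.in,v 1.253 2001/02/24 21:41:11 mouring Exp $
+# $Id: configure.in,v 1.254 2001/02/26 09:49:59 djm Exp $
 
 AC_INIT(ssh.c)
 
@@ -152,6 +152,7 @@ mips-sony-bsd|mips-sony-newsos4)
 AC_DEFINE(HAVE_NEXT)
 AC_DEFINE(BROKEN_REALPATH)
 AC_DEFINE(USE_PIPES)
+AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)
 CPPFLAGS="$CPPFLAGS -I/usr/local/include"
 CFLAGS="$CFLAGS"
 ;;
@@ -238,6 +239,7 @@ mips-sony-bsd|mips-sony-newsos4)
 AC_DEFINE(HAVE_SCO_PROTECTED_PW)
 AC_DEFINE(DISABLE_SHADOW)
 AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)
 AC_CHECK_FUNCS(getluid setluid)
 ;;
 *-*-sco3.2v5*)
@@ -252,6 +254,7 @@ mips-sony-bsd|mips-sony-newsos4)
 AC_DEFINE(HAVE_SCO_PROTECTED_PW)
 AC_DEFINE(DISABLE_SHADOW)
 AC_DEFINE(HAVE_BOGUS_SYS_QUEUE_H)
+AC_DEFINE(SAVED_IDS_WORK_WITH_SETEUID)
 AC_CHECK_FUNCS(getluid setluid)
 ;;
 *-dec-osf*)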
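--- a/entropy.c
+++ b/entropy.c
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
 
-RCSID("$Id: entropy.c,v 1.29 2001/02/18 11:34:32 stevesk Exp $");
+RCSID("$Id: entropy.c,v 1.30 2001/02/26 09:49:59 djm Exp $");
 
 #ifndef offsetof
 # define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -825,13 +825,34 @@ void init_rng(void)
 prng_seed_saved = 0;
 
 /* Give up privs while reading seed file */
+#ifdef SAVED_IDS_WORK_WITH_SETEUID
 if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
 fatal("Couldn't give up privileges");
+#else /* SAVED_IDS_WORK_WITH_SETEUID */
+/*
+* Propagate the privileged uid to all of our uids.
+* Set the effective uid to the given (unprivileged) uid.
+*/
+if (original_uid != original_euid && setuid(original_euid) == -1 ||
+seteuid(original_uid) == -1)
+fatal("Couldn't give up privileges");
+#endif /* SAVED_IDS_WORK_WITH_SETEUID */
 
 prng_read_seedfile();
 
+#ifdef SAVED_IDS_WORK_WITH_SETEUID
 if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
 fatal("Couldn't restore privileges");
+#else /* SAVED_IDS_WORK_WITH_SETEUID */
+/*
+* We are unable to restore the real uid to its unprivileged value.
+* Propagate the real uid (usually more privileged) to effective uid
+* as well.
+*/
+if (original_uid != original_euid && seteuid(original_euid) == -1 ||
+setuid(original_uid) == -1)
+fatal("Couldn't restore privileges");
+#endif /* SAVED_IDS_WORK_WITH_SETEUID */
 
 fatal_add_cleanup(prng_seed_cleanup, NULL);
 atexit(prng_write_seedfile);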
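Review bot: In the `#else` restore branch of init_rng(), the final call is `setuid(original_uid)`, the same uid the drop step used as the unprivileged one. After `seteuid(original_euid)` succeeds, the process therefore appears to give privileges up again instead of restoring them, permanently if the privileged uid is root, and "Couldn't restore privileges" never fires because the call succeeds. The comment above describes propagating the privileged uid, which would be `setuid(original_euid)`; this assumes original_uid holds the invoking user's real uid, which is assigned outside the hunk, so confirm against that. Both new conditions also mix `&&` and `||` without parentheses, so the second call runs even when the two uids are equal; `if (original_uid != original_euid && (setuid(original_euid) == -1 || seteuid(original_uid) == -1))` makes the guard cover both calls. init_rng() starts and ends outside the hunk.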