summaryrefslogtreecommitdiff
path: root/ssh.c
diff options
context:
space:
mode:
Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c37
1 files changed, 2 insertions, 35 deletions
diff --git a/ssh.c b/ssh.c
index 609c209d1..49a9fab20 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */ 1/* $OpenBSD: ssh.c,v 1.487 2018/07/18 11:34:04 dtucker Exp $ */
2/* 2/*
3 * Author: Tatu Ylonen <ylo@cs.hut.fi> 3 * Author: Tatu Ylonen <ylo@cs.hut.fi>
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -104,7 +104,6 @@
104#include "sshpty.h" 104#include "sshpty.h"
105#include "match.h" 105#include "match.h"
106#include "msg.h" 106#include "msg.h"
107#include "uidswap.h"
108#include "version.h" 107#include "version.h"
109#include "ssherr.h" 108#include "ssherr.h"
110#include "myproposal.h" 109#include "myproposal.h"
@@ -628,24 +627,6 @@ main(int ac, char **av)
628 original_real_uid = getuid(); 627 original_real_uid = getuid();
629 original_effective_uid = geteuid(); 628 original_effective_uid = geteuid();
630 629
631 /*
632 * Use uid-swapping to give up root privileges for the duration of
633 * option processing. We will re-instantiate the rights when we are
634 * ready to create the privileged port, and will permanently drop
635 * them when the port has been created (actually, when the connection
636 * has been made, as we may need to create the port several times).
637 */
638 PRIV_END;
639
640#ifdef HAVE_SETRLIMIT
641 /* If we are installed setuid root be careful to not drop core. */
642 if (original_real_uid != original_effective_uid) {
643 struct rlimit rlim;
644 rlim.rlim_cur = rlim.rlim_max = 0;
645 if (setrlimit(RLIMIT_CORE, &rlim) < 0)
646 fatal("setrlimit failed: %.100s", strerror(errno));
647 }
648#endif
649 /* Get user data. */ 630 /* Get user data. */
650 pw = getpwuid(original_real_uid); 631 pw = getpwuid(original_real_uid);
651 if (!pw) { 632 if (!pw) {
@@ -1448,22 +1429,8 @@ main(int ac, char **av)
1448 L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9); 1429 L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
1449 } 1430 }
1450 } 1431 }
1451 /*
1452 * Get rid of any extra privileges that we may have. We will no
1453 * longer need them. Also, extra privileges could make it very hard
1454 * to read identity files and other non-world-readable files from the
1455 * user's home directory if it happens to be on a NFS volume where
1456 * root is mapped to nobody.
1457 */
1458 if (original_effective_uid == 0) {
1459 PRIV_START;
1460 permanently_set_uid(pw);
1461 }
1462 1432
1463 /* 1433 /* Create ~/.ssh * directory if it doesn't already exist. */
1464 * Now that we are back to our own permissions, create ~/.ssh
1465 * directory if it doesn't already exist.
1466 */
1467 if (config == NULL) { 1434 if (config == NULL) {
1468 r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir, 1435 r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
1469 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); 1436 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);