diff options
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 15 |
1 files changed, 10 insertions, 5 deletions
@@ -42,7 +42,7 @@ | |||
42 | */ | 42 | */ |
43 | 43 | ||
44 | #include "includes.h" | 44 | #include "includes.h" |
45 | RCSID("$OpenBSD: sshd.c,v 1.234 2002/03/19 10:49:35 markus Exp $"); | 45 | RCSID("$OpenBSD: sshd.c,v 1.235 2002/03/20 19:12:25 stevesk Exp $"); |
46 | 46 | ||
47 | #include <openssl/dh.h> | 47 | #include <openssl/dh.h> |
48 | #include <openssl/bn.h> | 48 | #include <openssl/bn.h> |
@@ -521,6 +521,7 @@ privsep_preauth_child(void) | |||
521 | { | 521 | { |
522 | u_int32_t rand[256]; | 522 | u_int32_t rand[256]; |
523 | int i; | 523 | int i; |
524 | struct passwd *pw; | ||
524 | 525 | ||
525 | /* Enable challenge-response authentication for privilege separation */ | 526 | /* Enable challenge-response authentication for privilege separation */ |
526 | privsep_challenge_enable(); | 527 | privsep_challenge_enable(); |
@@ -532,6 +533,11 @@ privsep_preauth_child(void) | |||
532 | /* Demote the private keys to public keys. */ | 533 | /* Demote the private keys to public keys. */ |
533 | demote_sensitive_data(); | 534 | demote_sensitive_data(); |
534 | 535 | ||
536 | if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) | ||
537 | fatal("%s: no user", SSH_PRIVSEP_USER); | ||
538 | memset(pw->pw_passwd, 0, strlen(pw->pw_passwd)); | ||
539 | endpwent(); | ||
540 | |||
535 | /* Change our root directory*/ | 541 | /* Change our root directory*/ |
536 | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) | 542 | if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) |
537 | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, | 543 | fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, |
@@ -540,10 +546,9 @@ privsep_preauth_child(void) | |||
540 | fatal("chdir(/)"); | 546 | fatal("chdir(/)"); |
541 | 547 | ||
542 | /* Drop our privileges */ | 548 | /* Drop our privileges */ |
543 | setegid(options.unprivileged_group); | 549 | debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, |
544 | setgid(options.unprivileged_group); | 550 | (u_int)pw->pw_gid); |
545 | seteuid(options.unprivileged_user); | 551 | do_setusercontext(pw); |
546 | setuid(options.unprivileged_user); | ||
547 | } | 552 | } |
548 | 553 | ||
549 | static void | 554 | static void |