From 50b9a60082171c12deed0d52f47c03bdc75d8cb4 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 4 Sep 2002 16:50:06 +1000 Subject: - stevesk@cvs.openbsd.org 2002/08/29 19:49:42 [ssh.c] shrink initial privilege bracket for setuid case; ok markus@ --- ChangeLog | 5 ++++- ssh.c | 20 ++++++++++---------- 2 files changed, 14 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index 26d4142cf..677692981 100644 --- a/ChangeLog +++ b/ChangeLog @@ -48,6 +48,9 @@ - stevesk@cvs.openbsd.org 2002/08/29 16:09:02 [ssh_config.5] more on UsePrivilegedPort and setuid root; ok markus@ + - stevesk@cvs.openbsd.org 2002/08/29 19:49:42 + [ssh.c] + shrink initial privilege bracket for setuid case; ok markus@ 20020820 - OpenBSD CVS Sync @@ -1589,4 +1592,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2440 2002/09/04 06:47:35 djm Exp $ +$Id: ChangeLog,v 1.2441 2002/09/04 06:50:06 djm Exp $ diff --git a/ssh.c b/ssh.c index de1e8cc5c..dcbf68d99 100644 --- a/ssh.c +++ b/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.183 2002/08/29 16:02:54 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.184 2002/08/29 19:49:42 stevesk Exp $"); #include #include @@ -228,6 +228,15 @@ main(int ac, char **av) */ original_real_uid = getuid(); original_effective_uid = geteuid(); + + /* + * Use uid-swapping to give up root privileges for the duration of + * option processing. We will re-instantiate the rights when we are + * ready to create the privileged port, and will permanently drop + * them when the port has been created (actually, when the connection + * has been made, as we may need to create the port several times). + */ + PRIV_END; #ifdef HAVE_SETRLIMIT /* If we are installed setuid root be careful to not drop core. */ @@ -247,15 +256,6 @@ main(int ac, char **av) /* Take a copy of the returned structure. */ pw = pwcopy(pw); - /* - * Use uid-swapping to give up root privileges for the duration of - * option processing. We will re-instantiate the rights when we are - * ready to create the privileged port, and will permanently drop - * them when the port has been created (actually, when the connection - * has been made, as we may need to create the port several times). - */ - PRIV_END; - /* * Set our umask to something reasonable, as some files are created * with the default umask. This will make them world-readable but -- cgit v1.2.3