From 17401b6b772213ae466cb3ac287b4980ff9f7d0d Mon Sep 17 00:00:00 2001
From: Ben Lindstrom <mouring@eviladmin.org>
Date: Wed, 15 May 2002 16:17:56 +0000
Subject:    - millert@cvs.openbsd.org 2002/05/13 15:53:19      [sshd.c]     
 Call setsid() in the child after sshd accepts the connection and forks.     
 This is needed for privsep which calls setlogin() when it changes uids.     
 Without this, there is a race where the login name of an existing     
 connection, as returned by getlogin(), may be changed to the privsep     
 user (sshd).  markus@ OK

---
 sshd.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'sshd.c')

diff --git a/sshd.c b/sshd.c
index 589a1160d..0bd644777 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.240 2002/04/23 22:16:29 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.241 2002/05/13 15:53:19 millert Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1331,6 +1331,14 @@ main(int ac, char **av)
 
 	/* This is the child processing a new connection. */
 
+	/*
+	 * Create a new session and process group since the 4.4BSD
+	 * setlogin() affects the entire process group.  We don't
+	 * want the child to be able to affect the parent.
+	 */
+	if (setsid() < 0)
+		error("setsid: %.100s", strerror(errno));
+
 	/*
 	 * Disable the key regeneration alarm.  We will not regenerate the
 	 * key since we are no longer in a position to give it to anyone. We
-- 
cgit v1.2.3