- (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
it does the right thing on all platforms. ok djm@
parent
397a2f2612
commit
25f60a7ee7
|
@ -1,3 +1,7 @@
|
||||||
|
20040815
|
||||||
|
- (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
|
||||||
|
it does the right thing on all platforms. ok djm@
|
||||||
|
|
||||||
20040814
|
20040814
|
||||||
- (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
|
- (dtucker) [auth-krb5.c gss-serv-krb5.c openbsd-compat/xmmap.c]
|
||||||
Explicitly set umask for mkstemp; ok djm@
|
Explicitly set umask for mkstemp; ok djm@
|
||||||
|
@ -1631,4 +1635,4 @@
|
||||||
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
- (djm) Trim deprecated options from INSTALL. Mention UsePAM
|
||||||
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
- (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.3508 2004/08/14 14:09:11 dtucker Exp $
|
$Id: ChangeLog,v 1.3509 2004/08/15 07:23:34 dtucker Exp $
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
# $Id: Makefile.in,v 1.261 2004/06/23 03:21:54 mouring Exp $
|
# $Id: Makefile.in,v 1.262 2004/08/15 07:23:34 dtucker Exp $
|
||||||
|
|
||||||
# uncomment if you run a non bourne compatable shell. Ie. csh
|
# uncomment if you run a non bourne compatable shell. Ie. csh
|
||||||
#SHELL = @SH@
|
#SHELL = @SH@
|
||||||
|
@ -67,7 +67,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o buffer.o \
|
||||||
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
|
compat.o compress.o crc32.o deattack.o fatal.o hostfile.o \
|
||||||
log.o match.o moduli.o mpaux.o nchan.o packet.o \
|
log.o match.o moduli.o mpaux.o nchan.o packet.o \
|
||||||
readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
|
readpass.o rsa.o tildexpand.o ttymodes.o xmalloc.o \
|
||||||
atomicio.o key.o dispatch.o kex.o mac.o uuencode.o misc.o \
|
atomicio.o key.o dispatch.o kex.o mac.o uidswap.c uuencode.o misc.o \
|
||||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||||
kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
|
kexgex.o kexdhc.o kexgexc.o scard.o msg.o progressmeter.o dns.o \
|
||||||
entropy.o scard-opensc.o gss-genr.o
|
entropy.o scard-opensc.o gss-genr.o
|
||||||
|
@ -76,7 +76,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
||||||
sshconnect.o sshconnect1.o sshconnect2.o
|
sshconnect.o sshconnect1.o sshconnect2.o
|
||||||
|
|
||||||
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
|
SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
|
||||||
sshpty.o sshlogin.o servconf.o serverloop.o uidswap.o \
|
sshpty.o sshlogin.o servconf.o serverloop.o \
|
||||||
auth.o auth1.o auth2.o auth-options.o session.o \
|
auth.o auth1.o auth2.o auth-options.o session.o \
|
||||||
auth-chall.o auth2-chall.o groupaccess.o \
|
auth-chall.o auth2-chall.o groupaccess.o \
|
||||||
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
|
auth-skey.o auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \
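Review bot: The new LIBSSH_OBJS line adds `uidswap.c`, a source file, to a list in which every other entry is a `.o` object, which looks like a typo for `uidswap.o`. The line should read `atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \`. The rules that consume LIBSSH_OBJS are outside the visible hunks, but as written the library step would probably be handed the C source rather than the compiled object, so `permanently_set_uid()` might not be available to ssh and ssh-keysign at link time. Removing `uidswap.o` from SSHDOBJS in the second hunk only works once the library entry is correct, since sshd would then get the code only from the library.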
|
||||||
|
|
|
@ -41,6 +41,7 @@ RCSID("$OpenBSD: ssh-keysign.c,v 1.16 2004/04/18 23:10:26 djm Exp $");
|
||||||
#include "canohost.h"
|
#include "canohost.h"
|
||||||
#include "pathnames.h"
|
#include "pathnames.h"
|
||||||
#include "readconf.h"
|
#include "readconf.h"
|
||||||
|
#include "uidswap.h"
|
||||||
|
|
||||||
/* XXX readconf.c needs these */
|
/* XXX readconf.c needs these */
|
||||||
uid_t original_real_uid;
|
uid_t original_real_uid;
|
||||||
|
@ -150,8 +151,11 @@ main(int argc, char **argv)
|
||||||
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
|
key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
|
||||||
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
|
key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
|
||||||
|
|
||||||
seteuid(getuid());
|
if ((pw = getpwuid(getuid())) == NULL)
|
||||||
setuid(getuid());
|
fatal("getpwuid failed");
|
||||||
|
pw = pwcopy(pw);
|
||||||
|
|
||||||
|
permanently_set_uid(pw);
|
||||||
|
|
||||||
init_rng();
|
init_rng();
|
||||||
seed_rng();
|
seed_rng();
|
||||||
|
@ -173,10 +177,6 @@ main(int argc, char **argv)
|
||||||
if (key_fd[0] == -1 && key_fd[1] == -1)
|
if (key_fd[0] == -1 && key_fd[1] == -1)
|
||||||
fatal("could not open any host key");
|
fatal("could not open any host key");
|
||||||
|
|
||||||
if ((pw = getpwuid(getuid())) == NULL)
|
|
||||||
fatal("getpwuid failed");
|
|
||||||
pw = pwcopy(pw);
|
|
||||||
|
|
||||||
SSLeay_add_all_algorithms();
|
SSLeay_add_all_algorithms();
|
||||||
for (i = 0; i < 256; i++)
|
for (i = 0; i < 256; i++)
|
||||||
rnd[i] = arc4random();
|
rnd[i] = arc4random();
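Review bot: The passwd lookup now runs before the privilege drop in main(): `getpwuid(getuid())`, `fatal()` and `pwcopy()` were moved up from the second hunk to sit between the host-key `open()` calls and `permanently_set_uid(pw)`, so they execute with whatever elevated ids the program was started with (presumably setuid, since it opens the host private keys first). The ordering is needed because permanently_set_uid() takes the passwd entry, but it widens the privileged window to include name-service lookup code. I would record that above the lookup with `/* Look up the invoking user while still privileged only because permanently_set_uid() needs pw; add nothing else before the drop. */`. permanently_set_uid() is defined outside this page, so its failure handling and whether it also changes the group ids should be confirmed there; main() starts and ends outside both hunks.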
|
||||||
|
|
7
ssh.c
7
ssh.c
|
@ -71,6 +71,7 @@ RCSID("$OpenBSD: ssh.c,v 1.224 2004/07/28 09:40:29 markus Exp $");
|
||||||
#include "match.h"
|
#include "match.h"
|
||||||
#include "msg.h"
|
#include "msg.h"
|
||||||
#include "monitor_fdpass.h"
|
#include "monitor_fdpass.h"
|
||||||
|
#include "uidswap.h"
|
||||||
|
|
||||||
#ifdef SMARTCARD
|
#ifdef SMARTCARD
|
||||||
#include "scard.h"
|
#include "scard.h"
|
||||||
|
@ -644,8 +645,10 @@ again:
|
||||||
* user's home directory if it happens to be on a NFS volume where
|
* user's home directory if it happens to be on a NFS volume where
|
||||||
* root is mapped to nobody.
|
* root is mapped to nobody.
|
||||||
*/
|
*/
|
||||||
seteuid(original_real_uid);
|
if (original_effective_uid == 0) {
|
||||||
setuid(original_real_uid);
|
PRIV_START;
|
||||||
|
permanently_set_uid(pw);
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Now that we are back to our own permissions, create ~/.ssh
|
* Now that we are back to our own permissions, create ~/.ssh
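Review bot: The permanent drop is now guarded by `if (original_effective_uid == 0)`, so a process started with any other effective uid that differs from the real uid skips this step entirely, whereas the removed `seteuid(original_real_uid); setuid(original_real_uid);` ran unconditionally. If only a setuid-root installation is meant to be supported that is acceptable, but the reason should be stated next to the test, for example `/* Only a setuid-root ssh has privileges left to give up here. */`. The outcome of `PRIV_START` is not checked in the hunk and `pw` is assumed to describe original_real_uid; both are defined outside the visible lines and should be confirmed there. The enclosing function starts before and continues after this hunk.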
|
||||||
|
|