upstream commit

always call privsep_preauth_child() regardless of whether
 sshd was started by root; it does important priming before sandboxing and
 failing to call it could result in sandbox violations later; ok markus@

Upstream-ID: c8a6d0d56c42f3faab38460dc917ca0d1705d383
This commit is contained in:
djm@openbsd.org 2015-11-16 22:51:05 +00:00 committed by Damien Miller
parent 3a9f84b58b
commit 5b4010d9b9
1 changed files with 18 additions and 22 deletions

40
sshd.c

@ -1,4 +1,4 @@
/* $OpenBSD: sshd.c,v 1.459 2015/09/04 08:21:47 dtucker Exp $ */ /* $OpenBSD: sshd.c,v 1.460 2015/11/16 22:51:05 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -632,25 +632,23 @@ privsep_preauth_child(void)
/* Demote the private keys to public keys. */ /* Demote the private keys to public keys. */
demote_sensitive_data(); demote_sensitive_data();
/* Change our root directory */ /* Demote the child */
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) if (getuid() == 0 || geteuid() == 0) {
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, /* Change our root directory */
strerror(errno)); if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
if (chdir("/") == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
fatal("chdir(\"/\"): %s", strerror(errno)); strerror(errno));
if (chdir("/") == -1)
fatal("chdir(\"/\"): %s", strerror(errno));
/* Drop our privileges */ /* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
(u_int)privsep_pw->pw_gid); (u_int)privsep_pw->pw_gid);
#if 0 gidset[0] = privsep_pw->pw_gid;
/* XXX not ready, too heavy after chroot */ if (setgroups(1, gidset) < 0)
do_setusercontext(privsep_pw); fatal("setgroups: %.100s", strerror(errno));
#else permanently_set_uid(privsep_pw);
gidset[0] = privsep_pw->pw_gid; }
if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno));
permanently_set_uid(privsep_pw);
#endif
} }
static int static int
@ -716,9 +714,7 @@ privsep_preauth(Authctxt *authctxt)
/* Arrange for logging to be sent to the monitor */ /* Arrange for logging to be sent to the monitor */
set_log_handler(mm_log_handler, pmonitor); set_log_handler(mm_log_handler, pmonitor);
/* Demote the child */ privsep_preauth_child();
if (getuid() == 0 || geteuid() == 0)
privsep_preauth_child();
setproctitle("%s", "[net]"); setproctitle("%s", "[net]");
if (box != NULL) if (box != NULL)
ssh_sandbox_child(box); ssh_sandbox_child(box);
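Review bot: The non-root path in privsep_preauth_child is silent: when neither getuid() nor geteuid() is 0 the chroot and the setgroups/permanently_set_uid drop are skipped and the child keeps the parent's identity, with the later ssh_sandbox_child() call apparently its only containment, yet nothing is logged, so a non-demoted child is indistinguishable from a demoted one in the debug output. Adding `else debug3("not root; skipping chroot and uid/gid drop");` after the closing brace of the root-only block makes that state visible without changing behavior. The comment `/* Demote the child */` would also be clearer as `/* Demote the child (chroot + uid/gid drop); only possible when root */`. The condition is unchanged from the old call site, but note (unverified here) that a real uid of 0 with a non-zero effective uid still enters the block and would then hit the fatal() on chroot. privsep_preauth_child begins before the first hunk.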