- deraadt@cvs.openbsd.org 2003/05/29 16:58:45

[sshd.c uidswap.c] seteuid and setegid; markus ok
2003-06-02 19:09:48 +10:00 · 2003-06-02 19:09:48 +10:00 · 61d3680aca
parent ab2db41b61
commit 61d3680aca
3 changed files with 13 additions and 4 deletions
--- a/5
+++ b/5
@ -12,6 +12,9 @@
   - djm@cvs.openbsd.org 2003/05/26 12:54:40
     [sshconnect.c]
     fix format strings; ok markus@
+   - deraadt@cvs.openbsd.org 2003/05/29 16:58:45
+     [sshd.c uidswap.c]
+     seteuid and setegid; markus ok

 20030530
 - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at
@ -1638,4 +1641,4 @@
     save auth method before monitor_reset_key_state(); bugzilla bug #284;
     ok provos@

-$Id: ChangeLog,v 1.2761 2003/06/02 09:09:13 djm Exp $
+$Id: ChangeLog,v 1.2762 2003/06/02 09:09:48 djm Exp $
--- a/sshd.c
+++ b/sshd.c
@ -42,7 +42,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.266 2003/05/24 09:30:40 djm Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.267 2003/05/29 16:58:45 deraadt Exp $");

 #include <openssl/dh.h>
 #include <openssl/bn.h>
@ -564,8 +564,10 @@ privsep_preauth_child(void)
 	do_setusercontext(pw);
 #else
 	gidset[0] = pw->pw_gid;
+	if (setegid(pw->pw_gid) < 0)
+		fatal("setegid failed for %u", (u_int)pw->pw_gid);
 	if (setgid(pw->pw_gid) < 0)
-		fatal("setgid failed for %u", (u_int)pw->pw_gid );
+		fatal("setgid failed for %u", (u_int)pw->pw_gid);
 	if (setgroups(1, gidset) < 0)
 		fatal("setgroups: %.100s", strerror(errno));
 	permanently_set_uid(pw);
--- a/uidswap.c
+++ b/uidswap.c
@ -12,7 +12,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: uidswap.c,v 1.23 2002/07/15 17:15:31 stevesk Exp $");
+RCSID("$OpenBSD: uidswap.c,v 1.24 2003/05/29 16:58:45 deraadt Exp $");

 #include "log.h"
 #include "uidswap.h"
@ -147,8 +147,12 @@ permanently_set_uid(struct passwd *pw)
 		fatal("permanently_set_uid: temporarily_use_uid effective");
 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
+	if (setegid(pw->pw_gid) < 0)
+		fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
 	if (setgid(pw->pw_gid) < 0)
 		fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
+	if (seteuid(pw->pw_uid) < 0)
+		fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 	if (setuid(pw->pw_uid) < 0)
 		fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
 }