- markus@cvs.openbsd.org 2006/06/06 10:20:20

[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
     replace remaining setuid() calls with permanently_set_uid() and
     check seteuid() return values; report Marcus Meissner; ok dtucker djm

ChangeLog

@@ -38,6 +38,10 @@
      [sshd.c]
      call get_remote_ipaddr() early; fixes logging after client disconnects;
      report mpf@; ok dtucker@
+   - markus@cvs.openbsd.org 2006/06/06 10:20:20
+     [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
+     replace remaining setuid() calls with permanently_set_uid() and
+     check seteuid() return values; report Marcus Meissner; ok dtucker djm
 
 20060521
  - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
@@ -4671,4 +4675,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4340 2006/06/13 03:03:53 djm Exp $
+$Id: ChangeLog,v 1.4341 2006/06/13 03:05:15 djm Exp $

readpass.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.38 2006/06/06 10:20:20 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -37,6 +37,7 @@
 #include "pathnames.h"
 #include "log.h"
 #include "ssh.h"
+#include "uidswap.h"
 
 static char *
 ssh_askpass(char *askpass, const char *msg)
@@ -60,8 +61,7 @@ ssh_askpass(char *askpass, const char *msg)
 		return NULL;
 	}
 	if (pid == 0) {
-		seteuid(getuid());
+		permanently_set_uid(getpwuid(getuid()));
-		setuid(getuid());
 		close(p[0]);
 		if (dup2(p[1], STDOUT_FILENO) < 0)
 			fatal("ssh_askpass: dup2: %s", strerror(errno));

sshconnect.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.182 2006/05/17 12:43:34 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -97,8 +97,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
 		char *argv[10];
 
 		/* Child.  Permanently give up superuser privileges. */
-		seteuid(original_real_uid);
+		permanently_set_uid(getpwuid(original_real_uid));
-		setuid(original_real_uid);
 
 		/* Redirect stdin and stdout. */
 		close(pin[1]);

sshconnect.h

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.19 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.20 2006/06/06 10:20:20 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -56,13 +56,17 @@ int	 ssh_local_cmd(const char *);
  */
 #define PRIV_START do {					\
 	int save_errno = errno;				\
-	(void)seteuid(original_effective_uid);	\
+	if (seteuid(original_effective_uid) != 0)	\
+		fatal("PRIV_START: seteuid: %s",	\
+		    strerror(errno));			\
 	errno = save_errno;				\
 } while (0)
 
 #define PRIV_END do {					\
 	int save_errno = errno;				\
-	(void)seteuid(original_real_uid);	\
+	if (seteuid(original_real_uid) != 0)		\
+		fatal("PRIV_END: seteuid: %s",		\
+		    strerror(errno));			\
 	errno = save_errno;				\
 } while (0)
 

sshconnect2.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.154 2006/06/06 10:20:20 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -53,6 +53,7 @@
 #include "canohost.h"
 #include "msg.h"
 #include "pathnames.h"
+#include "uidswap.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -1252,8 +1253,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
 		return -1;
 	}
 	if (pid == 0) {
-		seteuid(getuid());
+		permanently_set_uid(getpwuid(getuid()));
-		setuid(getuid());
 		close(from[0]);
 		if (dup2(from[1], STDOUT_FILENO) < 0)
 			fatal("ssh_keysign: dup2: %s", strerror(errno));

uidswap.c

@@ -1,4 +1,4 @@
-/* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */
+/* $OpenBSD: uidswap.c,v 1.28 2006/06/06 10:20:20 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -169,6 +169,8 @@ permanently_set_uid(struct passwd *pw)
 	uid_t old_uid = getuid();
 	gid_t old_gid = getgid();
 
+	if (pw == NULL)
+		fatal("permanently_set_uid: no user given");
 	if (temporarily_use_uid_effective)
 		fatal("permanently_set_uid: temporarily_use_uid effective");
 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,