From 86c093d2895989d1258459b797ce3630eaa47d1a Mon Sep 17 00:00:00 2001
From: Darren Tucker <dtucker@zip.com.au>
Date: Mon, 8 Mar 2004 22:59:03 +1100
Subject: [PATCH] - (dtucker) [configure.ac sshd.c openbsd-compat/bsd-misc.h openbsd-compat/setenv.c] Unset KRB5CCNAME on AIX to prevent it from being inherited by the child. ok djm@
---
 configure.ac | 4 ++--
 openbsd-compat/bsd-misc.h | 6 +++++-
 openbsd-compat/setenv.c | 8 ++++++--
 sshd.c | 7 +++++++
 4 files changed, 20 insertions(+), 5 deletions(-)
diff --git a/configure.ac b/configure.ac
index fc765b472..8eea75589 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.204 2004/03/03 00:08:59 djm Exp $ +# $Id: configure.ac,v 1.205 2004/03/08 11:59:03 dtucker Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c])
@@ -802,7 +802,7 @@ AC_CHECK_FUNCS(\ setproctitle setregid setreuid setrlimit \ setsid setvbuf sigaction sigvec snprintf socketpair strerror \ strlcat strlcpy strmode strnvis strtoul sysconf tcgetpgrp \ - truncate updwtmpx utimes vhangup vsnprintf waitpid \ + truncate unsetenv updwtmpx utimes vhangup vsnprintf waitpid \ ) # IRIX has a const char return value for gai_strerror()
diff --git a/openbsd-compat/bsd-misc.h b/openbsd-compat/bsd-misc.h
index c8073942c..009739b14 100644
--- a/openbsd-compat/bsd-misc.h
+++ b/openbsd-compat/bsd-misc.h
@@ -1,4 +1,4 @@ -/* $Id: bsd-misc.h,v 1.14 2004/02/17 05:49:55 djm Exp $ */ +/* $Id: bsd-misc.h,v 1.15 2004/03/08 11:59:03 dtucker Exp $ */ /* * Copyright (c) 1999-2004 Damien Miller <djm@mindrot.org>
@@ -89,6 +89,10 @@ pid_t tcgetpgrp(int); int tcsendbreak(int, int); #endif +#ifndef HAVE_UNSETENV +void unsetenv(const char *); +#endif + /* wrapper for signal interface */ typedef void (*mysig_t)(int); mysig_t mysignal(int sig, mysig_t act);
diff --git a/openbsd-compat/setenv.c b/openbsd-compat/setenv.c
index b7ba0ce83..c3a86c651 100644
--- a/openbsd-compat/setenv.c
+++ b/openbsd-compat/setenv.c
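Review bot: The fallback prototype added to openbsd-compat/bsd-misc.h, `void unsetenv(const char *);`, does not match the POSIX signature, which returns int, so a caller on this path has no result to test and code written against the standard form will not compile the same way on both paths. Declaring it as `int unsetenv(const char *);` and having the fallback in setenv.c `return (0);` would keep the two source-compatible. The definition in setenv.c begins outside the hunks shown and would need the matching return type.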
@@ -30,7 +30,7 @@ */ #include "includes.h" -#ifndef HAVE_SETENV +#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) #if defined(LIBC_SCCS) && !defined(lint) static char *rcsid = "$OpenBSD: setenv.c,v 1.6 2003/06/02 20:18:38 millert Exp $";
@@ -77,6 +77,7 @@ __findenv(name, offset) return (NULL); } +#ifndef HAVE_SETENV /* * setenv -- * Set the value of the environmental variable "name" to be
@@ -138,7 +139,9 @@ setenv(name, value, rewrite) ; return (0); } +#endif /* HAVE_SETENV */ +#ifndef HAVE_UNSETENV /* * unsetenv(name) -- * Delete environmental variable "name".
@@ -157,5 +160,6 @@ unsetenv(name) if (!(*P = *(P + 1))) break; } +#endif /* HAVE_UNSETENV */ -#endif /* HAVE_SETENV */ +#endif /* !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV) */
diff --git a/sshd.c b/sshd.c
index 2c224b9c3..3247091a4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -939,6 +939,13 @@ main(int ac, char **av) SYSLOG_FACILITY_AUTH : options.log_facility, log_stderr || !inetd_flag); +#ifdef _AIX + /* + * Unset KRB5CCNAME, otherwise the user's session may inherit it from + * root's environment + */ + unsetenv("KRB5CCNAME"); +#endif /* _AIX */ #ifdef _UNICOS /* Cray can define user privs drop all prives now! * Not needed on PRIV_SU systems!
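Review bot: Widening the outer guard in openbsd-compat/setenv.c to `#if !defined(HAVE_SETENV) || !defined(HAVE_UNSETENV)` means `__findenv` is now also compiled on systems that have a native setenv and lack only unsetenv. Its declaration is outside the hunks shown, so if it is not already `static` it would be worth making it so: a double-underscore name is reserved for the implementation, and an external definition could collide with a libc helper of the same name that the native setenv or getenv relies on. The bodies of setenv and unsetenv also begin outside the hunks, so the removal loop itself cannot be reviewed from this diff.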
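Review bot: The comment inside the `#ifdef _AIX` block in sshd.c says what is removed but not why only AIX is affected, so a reader cannot tell which code path hands sshd's own environment to the session or whether other platforms inherit the same credential-cache path. Naming the cause in the comment, for example `/* AIX: <code path that passes sshd's environment to the session> would otherwise expose root's credential cache path to the user */`, would make the platform gate reviewable. The scrub also covers a single variable, and whether other Kerberos-related variables in the daemon's environment need the same treatment cannot be judged from the hunk. main() starts and continues outside the hunk.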