diff --git a/ChangeLog b/ChangeLog index 7b4385e5e..fbb777562 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (djm) Rework RedHat RPM files. Based on spec from Nalin Dahyabhai and patches from Pekka Savola + - (djm) Try to drop supplemental groups at daemon startup. Patch from + RedHat 20020509 - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep @@ -553,4 +555,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2101 2002/05/10 02:19:23 djm Exp $ +$Id: ChangeLog,v 1.2102 2002/05/10 02:20:24 djm Exp $ diff --git a/sshd.c b/sshd.c index f3e4d835e..589a1160d 100644 --- a/sshd.c +++ b/sshd.c @@ -1005,6 +1005,16 @@ main(int ac, char **av) if (test_flag) exit(0); + /* + * Clear out any supplemental groups we may have inherited. This + * prevents inadvertent creation of files with bad modes (in the + * portable version at least, it's certainly possible for PAM + * to create a file, and we can't control the code in every + * module which might be used). + */ + if (setgroups(0, NULL) < 0) + debug("setgroups() failed: %.200s", strerror(errno)); + /* Initialize the log (it is reinitialized below in case we forked). */ if (debug_flag && !inetd_flag) log_stderr = 1;