diff --git a/ChangeLog b/ChangeLog index c065225fc..a66669ced 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,6 @@ +20030906 + - (dtucker) [acconfig.h configure.ac uidswap.c] Prefer setuid/setgid on AIX. + 20030905 - (dtucker) [Makefile.in] Add distclean target for regress/, fix clean target. @@ -1021,4 +1024,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2961 2003/09/05 01:35:52 dtucker Exp $ +$Id: ChangeLog,v 1.2962 2003/09/06 06:44:39 dtucker Exp $ diff --git a/acconfig.h b/acconfig.h index c83a45619..ce79146f4 100644 --- a/acconfig.h +++ b/acconfig.h @@ -1,4 +1,4 @@ -/* $Id: acconfig.h,v 1.162 2003/08/26 01:58:16 dtucker Exp $ */ +/* $Id: acconfig.h,v 1.163 2003/09/06 06:44:39 dtucker Exp $ */ /* * Copyright (c) 1999-2003 Damien Miller. All rights reserved. @@ -35,6 +35,12 @@ /* Define if your platform breaks doing a seteuid before a setuid */ #undef SETEUID_BREAKS_SETUID +/* Define if your setreuid() is broken */ +#undef BROKEN_SETREUID + +/* Define if your setregid() is broken */ +#undef BROKEN_SERREGID + /* Define to a Set Process Title type if your system is */ /* supported by bsd-setproctitle.c */ #undef SPT_TYPE diff --git a/configure.ac b/configure.ac index bbc00e703..23f3e5e68 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.143 2003/08/26 01:58:16 dtucker Exp $ +# $Id: configure.ac,v 1.144 2003/09/06 06:44:39 dtucker Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -97,6 +97,9 @@ case "$host" in AC_CHECK_FUNCS(setauthdb) AC_DEFINE(BROKEN_GETADDRINFO) AC_DEFINE(BROKEN_REALPATH) + AC_DEFINE(SETEUID_BREAKS_SETUID) + AC_DEFINE(BROKEN_SETREUID) + AC_DEFINE(BROKEN_SETREGID) dnl AIX handles lastlog as part of its login message AC_DEFINE(DISABLE_LASTLOG) AC_DEFINE(LOGIN_NEEDS_UTMPX) diff --git a/uidswap.c b/uidswap.c index e517da21d..3f13f9bf4 100644 --- a/uidswap.c +++ b/uidswap.c @@ -154,7 +154,7 @@ permanently_set_uid(struct passwd *pw) #if defined(HAVE_SETRESGID) if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) fatal("setresgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); -#elif defined(HAVE_SETREGID) +#elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID) if (setregid(pw->pw_gid, pw->pw_gid) < 0) fatal("setregid %u: %.100s", (u_int)pw->pw_gid, strerror(errno)); #else @@ -167,7 +167,7 @@ permanently_set_uid(struct passwd *pw) #if defined(HAVE_SETRESUID) if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); -#elif defined(HAVE_SETREUID) +#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID) if (setreuid(pw->pw_uid, pw->pw_uid) < 0) fatal("setreuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); #else