upstream: Now that ssh can't be setuid, remove the

original_real_uid and original_effective_uid globals and replace with calls
to plain getuid(). ok djm@

OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c
dtucker@openbsd.org 2018-07-27 05:34:42 +00:00 committed by Damien Miller
parent 73ddb25bae
commit e655ee04a3
4 changed files with 13 additions and 36 deletions


@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */ /* $OpenBSD: readconf.c,v 1.296 2018/07/27 05:34:42 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -320,7 +320,6 @@ void
add_local_forward(Options *options, const struct Forward *newfwd) add_local_forward(Options *options, const struct Forward *newfwd)
{ {
struct Forward *fwd; struct Forward *fwd;
extern uid_t original_real_uid;
int i; int i;
/* Don't add duplicates */ /* Don't add duplicates */
@ -480,7 +479,6 @@ execute_in_shell(const char *cmd)
char *shell; char *shell;
pid_t pid; pid_t pid;
int devnull, status; int devnull, status;
extern uid_t original_real_uid;
if ((shell = getenv("SHELL")) == NULL) if ((shell = getenv("SHELL")) == NULL)
shell = _PATH_BSHELL; shell = _PATH_BSHELL;


@ -1,4 +1,4 @@
/* $OpenBSD: ssh-keysign.c,v 1.54 2018/02/23 15:58:38 markus Exp $ */ /* $OpenBSD: ssh-keysign.c,v 1.55 2018/07/27 05:34:42 dtucker Exp $ */
/* /*
* Copyright (c) 2002 Markus Friedl. All rights reserved. * Copyright (c) 2002 Markus Friedl. All rights reserved.
* *
@ -62,11 +62,6 @@ struct ssh *active_state = NULL; /* XXX needed for linking */
extern char *__progname; extern char *__progname;
/* XXX readconf.c needs these */
uid_t original_real_uid;
extern char *__progname;
static int static int
valid_request(struct passwd *pw, char *host, struct sshkey **ret, valid_request(struct passwd *pw, char *host, struct sshkey **ret,
u_char *data, size_t datalen) u_char *data, size_t datalen)
@ -201,8 +196,7 @@ main(int argc, char **argv)
key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY);
key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
original_real_uid = getuid(); /* XXX readconf.c needs this */ if ((pw = getpwuid(getuid())) == NULL)
if ((pw = getpwuid(original_real_uid)) == NULL)
fatal("getpwuid failed"); fatal("getpwuid failed");
pw = pwcopy(pw); pw = pwcopy(pw);
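Review bot: The `getpwuid(getuid())` call in main() is the one place in this commit where the "ssh can't be setuid" reasoning from the commit message may not carry over, because ssh-keysign is a separate helper that is commonly installed setuid (not visible in this hunk, so please confirm). The change still looks correct, since getuid() returns the real uid and a setuid bit does not alter it, but that is worth stating so a later reader does not swap it for geteuid(): `/* real uid of the invoking user; must not be the effective uid */`. main() continues past the hunk, so whether privileges are dropped right after `pwcopy(pw)` cannot be checked from here.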

31
ssh.c

@ -1,4 +1,4 @@
/* $OpenBSD: ssh.c,v 1.489 2018/07/25 13:10:56 beck Exp $ */ /* $OpenBSD: ssh.c,v 1.490 2018/07/27 05:34:42 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -177,10 +177,6 @@ struct sockaddr_storage hostaddr;
/* Private host keys. */ /* Private host keys. */
Sensitive sensitive_data; Sensitive sensitive_data;
/* Original real UID. */
uid_t original_real_uid;
uid_t original_effective_uid;
/* command to be executed */ /* command to be executed */
struct sshbuf *command; struct sshbuf *command;
@ -223,7 +219,7 @@ tilde_expand_paths(char **paths, u_int num_paths)
char *cp; char *cp;
for (i = 0; i < num_paths; i++) { for (i = 0; i < num_paths; i++) {
cp = tilde_expand_filename(paths[i], original_real_uid); cp = tilde_expand_filename(paths[i], getuid());
free(paths[i]); free(paths[i]);
paths[i] = cp; paths[i] = cp;
} }
@ -620,17 +616,10 @@ main(int ac, char **av)
*/ */
closefrom(STDERR_FILENO + 1); closefrom(STDERR_FILENO + 1);
/*
* Save the original real uid. It will be needed later (uid-swapping
* may clobber the real uid).
*/
original_real_uid = getuid();
original_effective_uid = geteuid();
/* Get user data. */ /* Get user data. */
pw = getpwuid(original_real_uid); pw = getpwuid(getuid());
if (!pw) { if (!pw) {
logit("No user exists for uid %lu", (u_long)original_real_uid); logit("No user exists for uid %lu", (u_long)getuid());
exit(255); exit(255);
} }
/* Take a copy of the returned structure. */ /* Take a copy of the returned structure. */
@ -773,7 +762,7 @@ main(int ac, char **av)
options.gss_deleg_creds = 1; options.gss_deleg_creds = 1;
break; break;
case 'i': case 'i':
p = tilde_expand_filename(optarg, original_real_uid); p = tilde_expand_filename(optarg, getuid());
if (stat(p, &st) < 0) if (stat(p, &st) < 0)
fprintf(stderr, "Warning: Identity file %s " fprintf(stderr, "Warning: Identity file %s "
"not accessible: %s.\n", p, "not accessible: %s.\n", p,
@ -1321,8 +1310,7 @@ main(int ac, char **av)
} }
if (options.control_path != NULL) { if (options.control_path != NULL) {
cp = tilde_expand_filename(options.control_path, cp = tilde_expand_filename(options.control_path, getuid());
original_real_uid);
free(options.control_path); free(options.control_path);
options.control_path = percent_expand(cp, options.control_path = percent_expand(cp,
"C", conn_hash_hex, "C", conn_hash_hex,
@ -1450,7 +1438,7 @@ main(int ac, char **av)
unsetenv(SSH_AUTHSOCKET_ENV_NAME); unsetenv(SSH_AUTHSOCKET_ENV_NAME);
} else { } else {
p = tilde_expand_filename(options.identity_agent, p = tilde_expand_filename(options.identity_agent,
original_real_uid); getuid());
cp = percent_expand(p, cp = percent_expand(p,
"d", pw->pw_dir, "d", pw->pw_dir,
"h", host, "h", host,
@ -2018,8 +2006,7 @@ load_public_identity_files(struct passwd *pw)
options.identity_files[i] = NULL; options.identity_files[i] = NULL;
continue; continue;
} }
cp = tilde_expand_filename(options.identity_files[i], cp = tilde_expand_filename(options.identity_files[i], getuid());
original_real_uid);
filename = percent_expand(cp, "d", pw->pw_dir, filename = percent_expand(cp, "d", pw->pw_dir,
"u", pw->pw_name, "l", thishost, "h", host, "u", pw->pw_name, "l", thishost, "h", host,
"r", options.user, (char *)NULL); "r", options.user, (char *)NULL);
@ -2070,7 +2057,7 @@ load_public_identity_files(struct passwd *pw)
fatal("%s: too many certificates", __func__); fatal("%s: too many certificates", __func__);
for (i = 0; i < options.num_certificate_files; i++) { for (i = 0; i < options.num_certificate_files; i++) {
cp = tilde_expand_filename(options.certificate_files[i], cp = tilde_expand_filename(options.certificate_files[i],
original_real_uid); getuid());
filename = percent_expand(cp, filename = percent_expand(cp,
"d", pw->pw_dir, "d", pw->pw_dir,
"h", host, "h", host,
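Review bot: In the main() hunk at `pw = getpwuid(getuid());` the deleted comment was the only text explaining why the uid was captured once, and every replaced call site in this file now depends on the real uid never changing for the life of the process. Nothing in these hunks shows the check that enforces that assumption, so I would add a short comment there, for example `/* ssh refuses to run setuid, so getuid() is stable and is the invoking user */`, and point it at the startup guard that rejects a setuid install if one exists. The failure branch also calls getuid() a second time only to format the message; a local such as `uid_t uid = getuid();` used for both the lookup and `logit()` keeps the looked-up and reported values identical. main() and load_public_identity_files() both start and end outside these hunks.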


@ -1,4 +1,4 @@
/* $OpenBSD: sshconnect.c,v 1.303 2018/07/19 23:03:16 dtucker Exp $ */ /* $OpenBSD: sshconnect.c,v 1.304 2018/07/27 05:34:42 dtucker Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -80,8 +80,6 @@ static pid_t proxy_command_pid = 0;
/* import */ /* import */
extern Options options; extern Options options;
extern char *__progname; extern char *__progname;
extern uid_t original_real_uid;
extern uid_t original_effective_uid;
static int show_other_keys(struct hostkeys *, struct sshkey *); static int show_other_keys(struct hostkeys *, struct sshkey *);
static void warn_changed_key(struct sshkey *); static void warn_changed_key(struct sshkey *);