From fbcc3f71f24cf92fecc0bd51ec70271e5488e908 Mon Sep 17 00:00:00 2001
From: Ben Lindstrom
Date: Tue, 25 Jun 2002 23:24:18 +0000
Subject: [PATCH] - markus@cvs.openbsd.org 2002/06/25 18:51:04 [sshd.c] lightweight do_setusercontext after chroot()
---
 ChangeLog | 5 ++++-
 sshd.c | 13 ++++++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 5f363d9ec..d3c7590dc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,9 @@
 - markus@cvs.openbsd.org 2002/06/25 16:22:42
 [authfd.c]
 unnecessary cast
+ - markus@cvs.openbsd.org 2002/06/25 18:51:04
+ [sshd.c]
+ lightweight do_setusercontext after chroot()
 20020625
 - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
@@ -1121,4 +1124,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2280 2002/06/25 23:22:54 mouring Exp $
+$Id: ChangeLog,v 1.2281 2002/06/25 23:24:18 mouring Exp $
diff --git a/sshd.c b/sshd.c
index 18df8ab8f..851fad4be 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.250 2002/06/23 10:29:52 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
 #include
 #include
@@ -530,6 +530,7 @@ static void
 privsep_preauth_child(void)
 {
 u_int32_t rand[256];
+ gid_t gidset[2];
 struct passwd *pw;
 int i;
@@ -559,7 +560,17 @@ privsep_preauth_child(void)
 /* Drop our privileges */
 debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid);
+#if 0
+ /* XXX not ready, to heavy after chroot */
 do_setusercontext(pw);
+#else
+ gidset[0] = pw->pw_gid;
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed for %u", pw->pw_gid );
+ if (setgroups(1, gidset) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
+ permanently_set_uid(pw);
+#endif
 }
 static Authctxt*
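Review bot: In the sshd.c hunk at -559, the new `fatal("setgid failed for %u", pw->pw_gid );` passes a gid_t to `%u` without a cast and drops errno, while the debug3 call just above casts to `(u_int)` and the setgroups failure below reports `strerror(errno)`; I would write `fatal("setgid failed for %u: %.100s", (u_int)pw->pw_gid, strerror(errno));`. `gidset` is declared with two elements in the -530 hunk, but only `gidset[0]` is set and `setgroups(1, gidset)` reads one entry, so `gid_t gidset[1];` would state the intent. The `#if 0` comment should read "too heavy" and name what do_setusercontext() needs that is unavailable after chroot(), so the disabled branch is not later mistaken for the intended privilege-drop path. permanently_set_uid() is not visible on this page; if it already sets the gid, the explicit setgid() here is presumably redundant and worth confirming. privsep_preauth_child() begins before this hunk and its body is only partly shown.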