dtucker@openbsd.org 
							
						 
					 
					
						
						
						
						
							
						
						
							7ed01a96a1 
							
						 
					 
					
						
						
							
							upstream commit  
						
						... 
						
						
						
						Revert previous commit.  We still want to call setgroups
 in the case where there are zero groups to remove any that we might otherwise
 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
 to setgroups is always a static global it's always valid to dereference in
 this case.  ok deraadt@ djm@
Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01 
						
						
					 
					
						2015-06-25 09:50:12 +10:00 
						 
				 
			
				
					
						
							
							
								dtucker@openbsd.org 
							
						 
					 
					
						
						
						
						
							
						
						
							882f8bf94f 
							
						 
					 
					
						
						
							
							upstream commit  
						
						... 
						
						
						
						Revert previous commit.  We still want to call setgroups in
 the case where there are zero groups to remove any that we might otherwise
 inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
 to setgroups is always a static global it's always valid to dereference in
 this case.  ok deraadt@ djm@
Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01 
						
						
					 
					
						2015-06-25 09:48:41 +10:00 
						 
				 
			
				
					
						
							
							
								dtucker@openbsd.org 
							
						 
					 
					
						
						
						
						
							
						
						
							63b78d003b 
							
						 
					 
					
						
						
							
							upstream commit  
						
						... 
						
						
						
						Don't call setgroups if we have zero groups; there's no
 guarantee that it won't try to deref the pointer.  Based on a patch from mail
 at quitesimple.org, ok djm deraadt
Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1 
						
						
					 
					
						2015-06-23 10:34:46 +10:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							d1680d36e1 
							
						 
					 
					
						
						
							
							xrealloc -> xreallocarray in portable code too.  
						
						
						
						
					 
					
						2015-04-30 09:18:11 +10:00 
						 
				 
			
				
					
						
							
							
								deraadt@openbsd.org 
							
						 
					 
					
						
						
						
						
							
						
						
							2ae4f337b2 
							
						 
					 
					
						
						
							
							upstream commit  
						
						... 
						
						
						
						Replace <sys/param.h> with <limits.h> and other less
 dirty headers where possible.  Annotate <sys/param.h> lines with their
 current reasons.  Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1,
 LOGIN_NAME_MAX, etc.  Change MIN() and MAX() to local definitions of
 MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution.
 These are the files confirmed through binary verification. ok guenther,
 millert, doug (helped with the verification protocol) 
						
						
					 
					
						2015-01-16 18:24:48 +11:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							89c532d843 
							
						 
					 
					
						
						
							
							- (dtucker) [uidswap.c] Prevent unused variable warnings on Cygwin.  Patch  
						
						... 
						
						
						
						from vinschen at redhat.com 
						
						
					 
					
						2014-01-18 20:43:49 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							0600c7020f 
							
						 
					 
					
						
						
							
							- dtucker@cvs.openbsd.org 2013/11/08 11:15:19  
						
						... 
						
						
						
						[bufaux.c bufbn.c buffer.c sftp-client.c sftp-common.c sftp-glob.c]
     [uidswap.c] Include stdlib.h for free() as per the man page. 
						
						
					 
					
						2013-11-21 13:55:43 +11:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							f60845fde2 
							
						 
					 
					
						
						
							
							- (dtucker) [M auth-chall.c auth-krb5.c auth-pam.c cipher-aes.c cipher-ctr.c  
						
						... 
						
						
						
						groupaccess.c loginrec.c monitor.c monitor_wrap.c session.c sshd.c
   sshlogin.c uidswap.c openbsd-compat/bsd-cygwin_util.c
   openbsd-compat/getrrsetbyname-ldns.c openbsd-compat/port-aix.c
   openbsd-compat/port-linux.c] Replace portable-specific instances of xfree
   with the equivalent calls to free. 
						
						
					 
					
						2013-06-02 08:07:31 +10:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							f96ff18a92 
							
						 
					 
					
						
						
							
							- (dtucker) [uidswap.c openbsd-compat/Makefile.in  
						
						... 
						
						
						
						openbsd-compat/bsd-setres_id.c openbsd-compat/bsd-setres_id.h
   openbsd-compat/openbsd-compat.h]  Move the fallback code for setting uids
   and gids from uidswap.c to the compat library, which allows it to work with
   the new setresuid calls in auth2-pubkey.  with tim@, ok djm@ 
						
						
					 
					
						2012-11-05 17:04:37 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							1598d6bc55 
							
						 
					 
					
						
						
							
							- (djm) [uidswap.c] bz#1412: Support >16 supplemental groups in OS X.  
						
						... 
						
						
						
						Patch based on one from vgiffin AT apple.com; ok dtucker@ 
						
						
					 
					
						2009-01-21 16:04:24 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							d783435315 
							
						 
					 
					
						
						
							
							- deraadt@cvs.openbsd.org 2006/08/03 03:34:42  
						
						... 
						
						
						
						[OVERVIEW atomicio.c atomicio.h auth-bsdauth.c auth-chall.c auth-krb5.c]
     [auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c auth-rhosts.c]
     [auth-rsa.c auth-skey.c auth.c auth.h auth1.c auth2-chall.c auth2-gss.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c ]
     [auth2-pubkey.c auth2.c authfd.c authfd.h authfile.c bufaux.c bufbn.c]
     [buffer.c buffer.h canohost.c channels.c channels.h cipher-3des1.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c dns.h fatal.c groupaccess.c]
     [groupaccess.h gss-genr.c gss-serv-krb5.c gss-serv.c hostfile.c kex.c]
     [kex.h kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c]
     [key.h log.c log.h mac.c match.c md-sha256.c misc.c misc.h moduli.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_mm.h monitor_wrap.c]
     [monitor_wrap.h msg.c nchan.c packet.c progressmeter.c readconf.c]
     [readconf.h readpass.c rsa.c scard.c scard.h scp.c servconf.c servconf.h]
     [serverloop.c session.c session.h sftp-client.c sftp-common.c]
     [sftp-common.h sftp-glob.c sftp-server.c sftp.c ssh-add.c ssh-agent.c]
     [ssh-dss.c ssh-gss.h ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh-rsa.c]
     [ssh.c ssh.h sshconnect.c sshconnect.h sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshlogin.h sshpty.c sshpty.h sshtty.c ttymodes.c]
     [uidswap.c uidswap.h uuencode.c uuencode.h xmalloc.c xmalloc.h]
     [loginrec.c loginrec.h openbsd-compat/port-aix.c openbsd-compat/port-tun.h]
     almost entirely get rid of the culture of ".h files that include .h files"
     ok djm, sort of ok stevesk
     makes the pain stop in one easy step
     NB. portable commit contains everything *except* removing includes.h, as
     that will take a fair bit more work as we move headers that are required
     for portability workarounds to defines.h. (also, this step wasn't "easy") 
						
						
					 
					
						2006-08-05 12:39:39 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							8dbffe7904 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2006/07/26 02:35:17  
						
						... 
						
						
						
						[atomicio.c auth.c dh.c authfile.c buffer.c clientloop.c kex.c]
     [groupaccess.c gss-genr.c kexgexs.c misc.c monitor.c monitor_mm.c]
     [packet.c scp.c serverloop.c session.c sftp-client.c sftp-common.c]
     [sftp-server.c sftp.c ssh-add.c ssh-agent.c ssh-keygen.c sshlogin.c]
     [uidswap.c xmalloc.c]
     move #include <sys/param.h> out of includes.h 
						
						
					 
					
						2006-08-05 11:02:17 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							e3476ed03b 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2006/07/22 20:48:23  
						
						... 
						
						
						
						[atomicio.c auth-options.c auth-passwd.c auth-rhosts.c auth-rsa.c]
     [auth.c auth1.c auth2-chall.c auth2-hostbased.c auth2-passwd.c auth2.c]
     [authfd.c authfile.c bufaux.c bufbn.c buffer.c canohost.c channels.c]
     [cipher-3des1.c cipher-bf1.c cipher-ctr.c cipher.c clientloop.c]
     [compat.c deattack.c dh.c dns.c gss-genr.c gss-serv.c hostfile.c]
     [includes.h kex.c kexdhc.c kexdhs.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c moduli.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c rsa.c]
     [progressmeter.c readconf.c readpass.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c sshconnect2.c]
     [sshd.c sshlogin.c sshpty.c ttymodes.c uidswap.c xmalloc.c]
     move #include <string.h> out of includes.h 
						
						
					 
					
						2006-07-24 14:13:33 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							e6b3b610ec 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2006/07/17 01:31:10  
						
						... 
						
						
						
						[authfd.c authfile.c channels.c cleanup.c clientloop.c groupaccess.c]
     [includes.h log.c misc.c msg.c packet.c progressmeter.c readconf.c]
     [readpass.c scp.c servconf.c sftp-client.c sftp-server.c sftp.c]
     [ssh-add.c ssh-agent.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c ssh.c]
     [sshconnect.c sshlogin.c sshpty.c uidswap.c]
     move #include <unistd.h> out of includes.h 
						
						
					 
					
						2006-07-24 14:01:23 +10:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							3997249346 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2006/07/11 20:07:25  
						
						... 
						
						
						
						[scp.c auth.c monitor.c serverloop.c sftp-server.c sshpty.c readpass.c
     sshd.c monitor_wrap.c monitor_fdpass.c ssh-agent.c ttymodes.c atomicio.c
     includes.h session.c sshlogin.c monitor_mm.c packet.c sshconnect2.c
     sftp-client.c nchan.c clientloop.c sftp.c misc.c canohost.c channels.c
     ssh-keygen.c progressmeter.c uidswap.c msg.c readconf.c sshconnect.c]
     move #include <errno.h> out of includes.h; ok markus@ 
						
						
					 
					
						2006-07-12 22:22:46 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							9f2abc47eb 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2006/07/06 16:03:53  
						
						... 
						
						
						
						[auth-options.c auth-options.h auth-passwd.c auth-rh-rsa.c]
     [auth-rhosts.c auth-rsa.c auth.c auth.h auth2-hostbased.c]
     [auth2-pubkey.c auth2.c includes.h misc.c misc.h monitor.c]
     [monitor_wrap.c monitor_wrap.h scp.c serverloop.c session.c]
     [session.h sftp-common.c ssh-add.c ssh-keygen.c ssh-keysign.c]
     [ssh.c sshconnect.c sshconnect.h sshd.c sshpty.c sshpty.h uidswap.c]
     [uidswap.h]
     move #include <pwd.h> out of includes.h; ok markus@ 
						
						
					 
					
						2006-07-10 20:53:08 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							427a1d57bb 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2006/07/02 22:45:59  
						
						... 
						
						
						
						[groupaccess.c groupaccess.h includes.h session.c sftp-common.c sshpty.c]
     move #include <grp.h> out of includes.h
     (portable needed uidswap.c too) 
						
						
					 
					
						2006-07-10 20:20:33 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							2e5fe88ebe 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2006/06/08 14:45:49  
						
						... 
						
						
						
						[readpass.c sshconnect.c sshconnect2.c uidswap.c uidswap.h]
     do not set the gid, noted by solar; ok djm 
						
						
					 
					
						2006-06-13 13:10:00 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							6b4069ad56 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2006/06/06 10:20:20  
						
						... 
						
						
						
						[readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
     replace remaining setuid() calls with permanently_set_uid() and
     check seteuid() return values; report Marcus Meissner; ok dtucker djm 
						
						
					 
					
						2006-06-13 13:05:15 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							2282c6e305 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2006/04/22 04:06:51  
						
						... 
						
						
						
						[uidswap.c]
     use setres[ug]id() to permanently revoke privileges; ok deraadt@
     (ID Sync only - portable already uses setres[ug]id() whenever possible) 
						
						
					 
					
						2006-04-23 12:11:57 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							57c30117c1 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2006/03/25 13:17:03  
						
						... 
						
						
						
						[atomicio.c auth-bsdauth.c auth-chall.c auth-options.c auth-passwd.c]
     [auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth-skey.c auth.c auth1.c]
     [auth2-chall.c auth2-hostbased.c auth2-kbdint.c auth2-none.c]
     [auth2-passwd.c auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c]
     [buffer.c canohost.c channels.c cipher-3des1.c cipher-bf1.c]
     [cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c compress.c]
     [deattack.c dh.c dispatch.c fatal.c groupaccess.c hostfile.c kex.c]
     [kexdh.c kexdhc.c kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c]
     [mac.c match.c md-sha256.c misc.c monitor.c monitor_fdpass.c]
     [monitor_mm.c monitor_wrap.c msg.c nchan.c packet.c progressmeter.c]
     [readconf.c readpass.c rsa.c scard.c scp.c servconf.c serverloop.c]
     [session.c sftp-client.c sftp-common.c sftp-glob.c sftp-server.c]
     [sftp.c ssh-add.c ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c]
     [ssh-keysign.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c]
     Put $OpenBSD$ tags back (as comments) to replace the RCSID()s that
     Theo nuked - our scripts to sync -portable need them in the files 
						
						
					 
					
						2006-03-26 14:24:48 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							36812092ec 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2006/03/25 01:13:23  
						
						... 
						
						
						
						[buffer.c channels.c deattack.c misc.c scp.c session.c sftp-client.c]
     [sftp-server.c ssh-agent.c ssh-rsa.c xmalloc.c xmalloc.h auth-pam.c]
     [uidswap.c]
     change OpenSSH's xrealloc() function from being xrealloc(p, new_size)
     to xrealloc(p, new_nmemb, new_itemsize).
     realloc is particularly prone to integer overflows because it is
     almost always allocating "n * size" bytes, so this is a far safer
     API; ok deraadt@ 
						
						
					 
					
						2006-03-26 14:22:47 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							b0fb6872ed 
							
						 
					 
					
						
						
							
							- deraadt@cvs.openbsd.org 2006/03/19 18:51:18  
						
						... 
						
						
						
						[atomicio.c auth-bsdauth.c auth-chall.c auth-krb5.c auth-options.c]
     [auth-pam.c auth-passwd.c auth-rh-rsa.c auth-rhosts.c auth-rsa.c]
     [auth-shadow.c auth-skey.c auth.c auth1.c auth2-chall.c]
     [auth2-hostbased.c auth2-kbdint.c auth2-none.c auth2-passwd.c]
     [auth2-pubkey.c auth2.c authfd.c authfile.c bufaux.c buffer.c]
     [canohost.c channels.c cipher-3des1.c cipher-acss.c cipher-aes.c]
     [cipher-bf1.c cipher-ctr.c cipher.c cleanup.c clientloop.c compat.c]
     [compress.c deattack.c dh.c dispatch.c dns.c entropy.c fatal.c]
     [groupaccess.c hostfile.c includes.h kex.c kexdh.c kexdhc.c]
     [kexdhs.c kexgex.c kexgexc.c kexgexs.c key.c log.c loginrec.c]
     [loginrec.h logintest.c mac.c match.c md-sha256.c md5crypt.c misc.c]
     [monitor.c monitor_fdpass.c monitor_mm.c monitor_wrap.c msg.c]
     [nchan.c packet.c progressmeter.c readconf.c readpass.c rsa.c]
     [scard.c scp.c servconf.c serverloop.c session.c sftp-client.c]
     [sftp-common.c sftp-glob.c sftp-server.c sftp.c ssh-add.c]
     [ssh-agent.c ssh-dss.c ssh-keygen.c ssh-keyscan.c ssh-keysign.c]
     [ssh-rand-helper.c ssh-rsa.c ssh.c sshconnect.c sshconnect1.c]
     [sshconnect2.c sshd.c sshlogin.c sshpty.c sshtty.c ttymodes.c]
     [uidswap.c uuencode.c xmalloc.c openbsd-compat/bsd-arc4random.c]
     [openbsd-compat/bsd-closefrom.c openbsd-compat/bsd-cygwin_util.c]
     [openbsd-compat/bsd-getpeereid.c openbsd-compat/bsd-misc.c]
     [openbsd-compat/bsd-nextstep.c openbsd-compat/bsd-snprintf.c]
     [openbsd-compat/bsd-waitpid.c openbsd-compat/fake-rfc2553.c]
     RCSID() can die 
						
						
					 
					
						2006-03-26 00:03:21 +11:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							2ea9b18918 
							
						 
					 
					
						
						
							
							- (dtucker) [uidswap.c] Skip uid restore test on Cygwin.  Patch from  
						
						... 
						
						
						
						vinschen at redhat.com. 
						
						
					 
					
						2005-02-22 17:57:13 +11:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							35beaddc7e 
							
						 
					 
					
						
						
							
							- (dtucker) [uidswap.c] Don't test dropping of gids for the root user or  
						
						... 
						
						
						
						on Cygwin.  Cygwin parts from vinschen at redhat com; ok djm@ 
						
						
					 
					
						2004-10-19 16:33:33 +10:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							2359aa985d 
							
						 
					 
					
						
						
							
							- (dtucker) [uidswap.c] Minor KNF.  ok djm@  
						
						
						
						
					 
					
						2004-02-24 13:17:30 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							a811d9a9a1 
							
						 
					 
					
						
						
							
							- (djm) [groupaccess.c uidswap.c] Bug  #787 : Size group arrays at runtime  
						
						... 
						
						
						
						using sysconf() if available Based on patches from
   holger AT van-lengerich.de and openssh_bugzilla AT hockin.org 
						
						
					 
					
						2004-02-24 13:05:11 +11:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							e937be36c3 
							
						 
					 
					
						
						
							
							- (dtucker) [acconfig.h configure.ac uidswap.c] Bug  #645 : Check for  
						
						... 
						
						
						
						setres[ug]id() present but not implemented (eg some Linux/glibc
   combinations). 
						
						
					 
					
						2003-12-17 18:53:26 +11:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							a8e06cef35 
							
						 
					 
					
						
						
							
							- djm@cvs.openbsd.org 2003/11/21 11:57:03  
						
						... 
						
						
						
						[everything]
     unexpand and delete whitespace at EOL; ok markus@
     (done locally and RCS IDs synced) 
						
						
					 
					
						2003-11-21 23:48:55 +11:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							fbe3b36ca9 
							
						 
					 
					
						
						
							
							- (dtucker) [uidswap.c] Don't test restoration of uid on Cygwin since the  
						
						... 
						
						
						
						OS does not support permanently dropping privileges.  Patch from
   vinschen at redhat.com. 
						
						
					 
					
						2003-09-22 12:54:37 +10:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							9f18be63ab 
							
						 
					 
					
						
						
							
							- (dtucker) [acconfig.h configure.ac uidswap.c] Prefer setuid/setgid on AIX.  
						
						
						
						
					 
					
						2003-09-06 16:44:39 +10:00 
						 
				 
			
				
					
						
							
							
								Darren Tucker 
							
						 
					 
					
						
						
						
						
							
						
						
							400b8786d6 
							
						 
					 
					
						
						
							
							- (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@  
						
						
						
						
					 
					
						2003-06-06 10:46:04 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							5fe46a45c8 
							
						 
					 
					
						
						
							
							- (djm) Implement paranoid priv dropping checks, based on:  
						
						... 
						
						
						
						"SetUID demystified" - Hao Chen, David Wagner and Drew Dean
   Proceedings of USENIX Security Symposium 2002 
						
						
					 
					
						2003-06-05 09:53:31 +10:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							61d3680aca 
							
						 
					 
					
						
						
							
							- deraadt@cvs.openbsd.org 2003/05/29 16:58:45  
						
						... 
						
						
						
						[sshd.c uidswap.c]
     seteuid and setegid; markus ok 
						
						
					 
					
						2003-06-02 19:09:48 +10:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							18d2b5d399 
							
						 
					 
					
						
						
							
							- (bal) [uidswap.c] SCO compile correction by gert@greenie.muc.de  
						
						
						
						
					 
					
						2002-07-30 19:32:07 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							1fa330cf35 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2002/07/15 17:15:31  
						
						... 
						
						
						
						[uidswap.c]
     little more debugging; ok markus@ 
						
						
					 
					
						2002-07-23 21:29:49 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							837461bf9a 
							
						 
					 
					
						
						
							
							- (bal) Build noop setgroups() for cygwin to clean up code (For other  
						
						... 
						
						
						
						platforms without the setgroups() requirement, you MUST define
   SETGROUPS_NOOP in the configure.ac) Based on patch by vinschen@redhat.com  
						
						
					 
					
						2002-06-12 16:57:14 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							10d9936413 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2002/05/28 21:24:00  
						
						... 
						
						
						
						[uidswap.c]
     use correct function name in fatal()
[See the patch above, I saw it before apply the next patch. <sigh>] 
						
						
					 
					
						2002-06-06 20:44:06 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							ca8943e6de 
							
						 
					 
					
						
						
							
							- (bal) Corrected debug() in uidswap.c to match upstream.  
						
						
						
						
					 
					
						2002-06-06 20:42:04 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							abff1dd050 
							
						 
					 
					
						
						
							
							- stevesk@cvs.openbsd.org 2002/05/28 17:28:02  
						
						... 
						
						
						
						[uidswap.c]
     format spec change/casts and some KNF; ok markus@ 
						
						
					 
					
						2002-06-06 20:38:49 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							af40bc6a72 
							
						 
					 
					
						
						
							
							- (bal) mispelling in uidswap.c (portable only)  
						
						
						
						
					 
					
						2002-04-03 03:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							1e259bb0bf 
							
						 
					 
					
						
						
							
							- (bal) CVS ID sync of uidswap.c  
						
						
						
						
					 
					
						2002-04-02 20:53:39 +00:00 
						 
				 
			
				
					
						
							
							
								Damien Miller 
							
						 
					 
					
						
						
						
						
							
						
						
							9f0f5c64bc 
							
						 
					 
					
						
						
							
							- deraadt@cvs.openbsd.org 2001/12/19 07:18:56  
						
						... 
						
						
						
						[auth1.c auth2.c auth2-chall.c auth-bsdauth.c auth.c authfile.c auth.h]
     [auth-krb4.c auth-rhosts.c auth-skey.c bufaux.c canohost.c channels.c]
     [cipher.c clientloop.c compat.c compress.c deattack.c key.c log.c mac.c]
     [match.c misc.c nchan.c packet.c readconf.c rijndael.c rijndael.h scard.c]
     [servconf.c servconf.h serverloop.c session.c sftp.c sftp-client.c]
     [sftp-glob.c sftp-int.c sftp-server.c ssh-add.c ssh-agent.c ssh.c]
     [sshconnect1.c sshconnect2.c sshconnect.c sshd.8 sshd.c sshd_config]
     [ssh-keygen.c sshlogin.c sshpty.c sshtty.c ttymodes.c uidswap.c]
     basic KNF done while i was looking for something else 
						
						
					 
					
						2001-12-21 14:45:46 +11:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							049e0dd6cf 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2001/08/08 21:34:19  
						
						... 
						
						
						
						[uidswap.c]
     undo last change; does not work for sshd 
						
						
					 
					
						2001-08-15 23:17:22 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							a66039373b 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2001/08/08 18:20:15  
						
						... 
						
						
						
						[uidswap.c]
     permanently_set_uid is a noop if user is not privilegued;
     fixes bug on solaris; from sbi@uchicago.edu  
						
						
					 
					
						2001-08-15 23:14:49 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							5428bea574 
							
						 
					 
					
						
						
							
							- (bal) White Space and #ifdef sync with OpenBSD  
						
						
						
						
					 
					
						2001-05-06 02:53:25 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							0f85348e89 
							
						 
					 
					
						
						
							
							- (bal) Cygwin lacks setgroups() API.  Patch by Corinna Vinschen  
						
						... 
						
						
						
						<vinschen@redhat.com> 
						
						
					 
					
						2001-04-27 02:10:15 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							4468b260cf 
							
						 
					 
					
						
						
							
							- (bal) Fixed uidswap.c so it should work on non-posix complient systems.  
						
						... 
						
						
						
						patch based on 2.5.2 version by djm. 
						
						
					 
					
						2001-04-26 23:03:37 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							768f975b13 
							
						 
					 
					
						
						
							
							- (bal) Whitespace resync w/ OpenBSD for uidswap.c  
						
						
						
						
					 
					
						2001-04-25 06:27:11 +00:00 
						 
				 
			
				
					
						
							
							
								Ben Lindstrom 
							
						 
					 
					
						
						
						
						
							
						
						
							ee2786a2a1 
							
						 
					 
					
						
						
							
							- markus@cvs.openbsd.org 2001/04/20 16:32:22  
						
						... 
						
						
						
						[uidswap.c]
     set non-privileged gid before uid; tholo@ and deraadt@ 
						
						
					 
					
						2001-04-22 17:08:00 +00:00