RepoMirrors
/
openssh
mirror of git://anongit.mindrot.org/openssh.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

- stevesk@cvs.openbsd.org 2002/08/29 19:49:42 

[ssh.c]
     shrink initial privilege bracket for setuid case; ok markus@
This commit is contained in:
Damien Miller 2002-09-04 16:50:06 +10:00
parent 9b1dacdf2c
commit 50b9a60082
2 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@ -48,6 +48,9 @@
- stevesk@cvs.openbsd.org 2002/08/29 16:09:02 - stevesk@cvs.openbsd.org 2002/08/29 16:09:02
[ssh_config.5] [ssh_config.5]
more on UsePrivilegedPort and setuid root; ok markus@ more on UsePrivilegedPort and setuid root; ok markus@
- stevesk@cvs.openbsd.org 2002/08/29 19:49:42
[ssh.c]
shrink initial privilege bracket for setuid case; ok markus@
20020820 20020820
- OpenBSD CVS Sync - OpenBSD CVS Sync
@ -1589,4 +1592,4 @@
- (stevesk) entropy.c: typo in debug message - (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2440 2002/09/04 06:47:35 djm Exp $ $Id: ChangeLog,v 1.2441 2002/09/04 06:50:06 djm Exp $

20
ssh.c
View File

@ -40,7 +40,7 @@
*/ */
#include "includes.h" #include "includes.h"
RCSID("$OpenBSD: ssh.c,v 1.183 2002/08/29 16:02:54 stevesk Exp $"); RCSID("$OpenBSD: ssh.c,v 1.184 2002/08/29 19:49:42 stevesk Exp $");
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/err.h> #include <openssl/err.h>
@ -229,6 +229,15 @@ main(int ac, char **av)
original_real_uid = getuid(); original_real_uid = getuid();
original_effective_uid = geteuid(); original_effective_uid = geteuid();
/*
* Use uid-swapping to give up root privileges for the duration of
* option processing. We will re-instantiate the rights when we are
* ready to create the privileged port, and will permanently drop
* them when the port has been created (actually, when the connection
* has been made, as we may need to create the port several times).
*/
PRIV_END;
#ifdef HAVE_SETRLIMIT #ifdef HAVE_SETRLIMIT
/* If we are installed setuid root be careful to not drop core. */ /* If we are installed setuid root be careful to not drop core. */
if (original_real_uid != original_effective_uid) { if (original_real_uid != original_effective_uid) {
@ -247,15 +256,6 @@ main(int ac, char **av)
/* Take a copy of the returned structure. */ /* Take a copy of the returned structure. */
pw = pwcopy(pw); pw = pwcopy(pw);
/*
* Use uid-swapping to give up root privileges for the duration of
* option processing. We will re-instantiate the rights when we are
* ready to create the privileged port, and will permanently drop
* them when the port has been created (actually, when the connection
* has been made, as we may need to create the port several times).
*/
PRIV_END;
/* /*
* Set our umask to something reasonable, as some files are created * Set our umask to something reasonable, as some files are created
* with the default umask. This will make them world-readable but * with the default umask. This will make them world-readable but