From 6b4069ad563ce578cbfa6f90e76b462d26483e67 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 13 Jun 2006 13:05:15 +1000 Subject: [PATCH] - markus@cvs.openbsd.org 2006/06/06 10:20:20 [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] replace remaining setuid() calls with permanently_set_uid() and check seteuid() return values; report Marcus Meissner; ok dtucker djm --- ChangeLog | 6 +++++- readpass.c | 6 +++--- sshconnect.c | 5 ++--- sshconnect.h | 22 +++++++++++++--------- sshconnect2.c | 6 +++--- uidswap.c | 4 +++- 6 files changed, 29 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7dfcb45e5..7c30a33ac 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,6 +38,10 @@ [sshd.c] call get_remote_ipaddr() early; fixes logging after client disconnects; report mpf@; ok dtucker@ + - markus@cvs.openbsd.org 2006/06/06 10:20:20 + [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c] + replace remaining setuid() calls with permanently_set_uid() and + check seteuid() return values; report Marcus Meissner; ok dtucker djm 20060521 - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor @@ -4671,4 +4675,4 @@ - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu -$Id: ChangeLog,v 1.4340 2006/06/13 03:03:53 djm Exp $ +$Id: ChangeLog,v 1.4341 2006/06/13 03:05:15 djm Exp $ diff --git a/readpass.c b/readpass.c index c3d36a028..60e4a902f 100644 --- a/readpass.c +++ b/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.38 2006/06/06 10:20:20 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -37,6 +37,7 @@ #include "pathnames.h" #include "log.h" #include "ssh.h" +#include "uidswap.h" static char * ssh_askpass(char *askpass, const char *msg) 
@@ -60,8 +61,7 @@ ssh_askpass(char *askpass, const char *msg) return NULL; } if (pid == 0) { - seteuid(getuid()); - setuid(getuid()); + permanently_set_uid(getpwuid(getuid())); close(p[0]); if (dup2(p[1], STDOUT_FILENO) < 0) fatal("ssh_askpass: dup2: %s", strerror(errno)); diff --git a/sshconnect.c b/sshconnect.c index e855f1926..41ad82f9f 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.182 2006/05/17 12:43:34 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -97,8 +97,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) char *argv[10]; /* Child. Permanently give up superuser privileges. */ - seteuid(original_real_uid); - setuid(original_real_uid); + permanently_set_uid(getpwuid(original_real_uid)); /* Redirect stdin and stdout. */ close(pin[1]); diff --git a/sshconnect.h b/sshconnect.h index 3786ba56e..692d27567 100644 --- a/sshconnect.h +++ b/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.19 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.20 2006/06/06 10:20:20 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -54,16 +54,20 @@ int ssh_local_cmd(const char *); /* * Macros to raise/lower permissions. */ -#define PRIV_START do { \ - int save_errno = errno; \ - (void)seteuid(original_effective_uid); \ - errno = save_errno; \ +#define PRIV_START do { \ + int save_errno = errno; \ + if (seteuid(original_effective_uid) != 0) \ + fatal("PRIV_START: seteuid: %s", \ + strerror(errno)); \ + errno = save_errno; \ } while (0) -#define PRIV_END do { \ - int save_errno = errno; \ - (void)seteuid(original_real_uid); \ - errno = save_errno; \ +#define PRIV_END do { \ + int save_errno = errno; \ + if (seteuid(original_real_uid) != 0) \ + fatal("PRIV_END: seteuid: %s", \ + strerror(errno)); \ + errno = save_errno; \ } while (0) #endif 
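Review bot: In the readpass.c hunk (child branch of ssh_askpass), `getpwuid(getuid())` is handed to permanently_set_uid() unchecked, so a failed passwd lookup is caught only by the new NULL test in uidswap.c, whose message "no user given" names neither the caller nor the uid. The failure stays fail-closed, but doing the lookup at the call site would make it diagnosable: `if ((pw = getpwuid(getuid())) == NULL) fatal("ssh_askpass: no passwd entry for uid %u", (u_int)getuid());` followed by `permanently_set_uid(pw);`, with a local `struct passwd *pw;`. The same pattern appears in the sshconnect.c hunk (ssh_proxy_connect, using original_real_uid) and in the sshconnect2.c hunk (ssh_keysign). ssh_askpass starts and continues outside this hunk.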
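Review bot: The comment `/* Child. Permanently give up superuser privileges. */` in ssh_proxy_connect() may no longer describe everything the new call does. permanently_set_uid() takes a whole passwd entry, and the `%u/%u` debug format in the uidswap.c hunk suggests it also switches to pw->pw_gid, which the removed seteuid()/setuid() pair never touched. Its body is not visible in this patch, so please confirm. If it does, the proxy command (and the askpass and keysign children in readpass.c and sshconnect2.c) would run with the primary group from the passwd database rather than the group the process had. In that case I would say so in the comment, e.g. `/* Child. Permanently drop to the real user's uid and passwd gid. */`.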
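Review bot: The comment above PRIV_START/PRIV_END in sshconnect.h still reads only `Macros to raise/lower permissions.`, but both macros now end the process through fatal() when seteuid() fails, which changes the contract for every caller. I would document that, e.g. `Macros to raise/lower permissions; either one calls fatal() if seteuid() fails, so they do not return on error.` The expansions also need fatal() and strerror() declared wherever the macros are used, and as far as the hunk shows the header includes nothing for them. A short note naming log.h and <string.h> as prerequisites would help.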
diff --git a/sshconnect2.c b/sshconnect2.c index 53cf25762..c97738c7b 100644 --- a/sshconnect2.c +++ b/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.154 2006/06/06 10:20:20 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -53,6 +53,7 @@ #include "canohost.h" #include "msg.h" #include "pathnames.h" +#include "uidswap.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -1252,8 +1253,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, return -1; } if (pid == 0) { - seteuid(getuid()); - setuid(getuid()); + permanently_set_uid(getpwuid(getuid())); close(from[0]); if (dup2(from[1], STDOUT_FILENO) < 0) fatal("ssh_keysign: dup2: %s", strerror(errno)); diff --git a/uidswap.c b/uidswap.c index 6dc1680db..ba2d20942 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */ +/* $OpenBSD: uidswap.c,v 1.28 2006/06/06 10:20:20 markus Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -169,6 +169,8 @@ permanently_set_uid(struct passwd *pw) uid_t old_uid = getuid(); gid_t old_gid = getgid(); + if (pw == NULL) + fatal("permanently_set_uid: no user given"); if (temporarily_use_uid_effective) fatal("permanently_set_uid: temporarily_use_uid effective"); debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
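Review bot: The new `pw == NULL` test in permanently_set_uid() (uidswap.c) is what makes the unchecked `getpwuid()` arguments in readpass.c, sshconnect.c and sshconnect2.c safe, yet nothing at the check says so. A one-line comment would keep it from being removed as redundant later: `/* callers pass getpwuid() results directly; a failed lookup must abort, not skip the privilege drop */`. The function starts before and continues past this hunk, so the rest of the drop logic is not visible here.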