- (djm) Try to drop supplemental groups at daemon startup. Patch from

RedHat
This commit is contained in:
Damien Miller 2002-05-10 12:20:24 +10:00
parent cfe4a89eef
commit 87aea25f1a
2 changed files with 13 additions and 1 deletions

View File

@ -2,6 +2,8 @@
- (djm) Rework RedHat RPM files. Based on spec from Nalin - (djm) Rework RedHat RPM files. Based on spec from Nalin
Dahyabhai <nalin@redhat.com> and patches from Dahyabhai <nalin@redhat.com> and patches from
Pekka Savola <pekkas@netcore.fi> Pekka Savola <pekkas@netcore.fi>
- (djm) Try to drop supplemental groups at daemon startup. Patch from
RedHat
20020509 20020509
- (tim) [Makefile.in] Unbreak make -f Makefile.in distprep - (tim) [Makefile.in] Unbreak make -f Makefile.in distprep
@ -553,4 +555,4 @@
- (stevesk) entropy.c: typo in debug message - (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@ - (djm) ssh-keygen -i needs seeded RNG; report from markus@
$Id: ChangeLog,v 1.2101 2002/05/10 02:19:23 djm Exp $ $Id: ChangeLog,v 1.2102 2002/05/10 02:20:24 djm Exp $

10
sshd.c
View File

@ -1005,6 +1005,16 @@ main(int ac, char **av)
if (test_flag) if (test_flag)
exit(0); exit(0);
/*
* Clear out any supplemental groups we may have inherited. This
* prevents inadvertent creation of files with bad modes (in the
* portable version at least, it's certainly possible for PAM
* to create a file, and we can't control the code in every
* module which might be used).
*/
if (setgroups(0, NULL) < 0)
debug("setgroups() failed: %.200s", strerror(errno));
/* Initialize the log (it is reinitialized below in case we forked). */ /* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag) if (debug_flag && !inetd_flag)
log_stderr = 1; log_stderr = 1;