- (dtucker) [Makefile.in ssh-keysign.c ssh.c] Use permanently_set_uid() since
   it does the right thing on all platforms.  ok djm@
diff --git a/ssh-keysign.c b/ssh-keysign.c
index cf8b0c2..5176557 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -41,6 +41,7 @@
 #include "canohost.h"
 #include "pathnames.h"
 #include "readconf.h"
+#include "uidswap.h"
 
 /* XXX readconf.c needs these */
 uid_t original_real_uid;
@@ -150,8 +151,11 @@
 	key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
 	key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
 
-	seteuid(getuid());
-	setuid(getuid());
+	if ((pw = getpwuid(getuid())) == NULL)
+		fatal("getpwuid failed");
+	pw = pwcopy(pw);
+
+	permanently_set_uid(pw);
 
 	init_rng();
 	seed_rng();
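Review bot: The `getpwuid(getuid())` lookup in the added lines now runs before `permanently_set_uid(pw)`, so whatever the passwd lookup does happens while the process still holds its elevated effective uid and the host key descriptors are already open; before this change the lookup ran after the drop. The ordering appears forced, since `permanently_set_uid()` takes the passwd entry, so it deserves a comment at the call site such as `/* passwd lookup must precede the drop because permanently_set_uid() needs pw; do nothing else while still privileged */`. The failure message would also be more useful in logs with the uid included, e.g. `fatal("getpwuid failed for uid %lu", (unsigned long)getuid());`. The enclosing function starts and ends outside this hunk, so it is not visible here whether anything else runs between the `open()` calls and the drop.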
@@ -173,10 +177,6 @@
 	if (key_fd[0] == -1 && key_fd[1] == -1)
 		fatal("could not open any host key");
 
-	if ((pw = getpwuid(getuid())) == NULL)
-		fatal("getpwuid failed");
-	pw = pwcopy(pw);
-
 	SSLeay_add_all_algorithms();
 	for (i = 0; i < 256; i++)
 		rnd[i] = arc4random();