- markus@cvs.openbsd.org 2001/04/06 21:00:17
[auth-rh-rsa.c auth-rhosts.c auth-rsa.c auth2.c channels.c session.c
ssh.c sshconnect.c sshconnect.h uidswap.c uidswap.h]
do gid/groups-swap in addition to uid-swap, should help if /home/group
is chmod 750 + chgrp grp /home/group/, work be deraadt and me, thanks
to olar@openwall.com is comments. we had many requests for this.
diff --git a/channels.c b/channels.c
index 6ca31b8..d5526fb 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.101 2001/04/05 10:42:48 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.102 2001/04/06 21:00:10 markus Exp $");
#include <openssl/rsa.h>
#include <openssl/dsa.h>
@@ -2410,7 +2410,7 @@
fatal("Protocol error: authentication forwarding requested twice.");
/* Temporarily drop privileged uid for mkdir/bind. */
- temporarily_use_uid(pw->pw_uid);
+ temporarily_use_uid(pw);
/* Allocate a buffer for the socket name, and format the name. */
channel_forwarded_auth_socket_name = xmalloc(MAX_SOCKET_NAME);