- stevesk@cvs.openbsd.org 2002/08/29 19:49:42
     [ssh.c]
     shrink initial privilege bracket for setuid case; ok markus@
diff --git a/ChangeLog b/ChangeLog
index 26d4142..6776929 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -48,6 +48,9 @@
    - stevesk@cvs.openbsd.org 2002/08/29 16:09:02
      [ssh_config.5]
      more on UsePrivilegedPort and setuid root; ok markus@
+   - stevesk@cvs.openbsd.org 2002/08/29 19:49:42
+     [ssh.c]
+     shrink initial privilege bracket for setuid case; ok markus@
 
 20020820
  - OpenBSD CVS Sync
@@ -1589,4 +1592,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2440 2002/09/04 06:47:35 djm Exp $
+$Id: ChangeLog,v 1.2441 2002/09/04 06:50:06 djm Exp $
diff --git a/ssh.c b/ssh.c
index de1e8cc..dcbf68d 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.183 2002/08/29 16:02:54 stevesk Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.184 2002/08/29 19:49:42 stevesk Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/err.h>
@@ -228,6 +228,15 @@
 	 */
 	original_real_uid = getuid();
 	original_effective_uid = geteuid();
+ 
+	/*
+	 * Use uid-swapping to give up root privileges for the duration of
+	 * option processing.  We will re-instantiate the rights when we are
+	 * ready to create the privileged port, and will permanently drop
+	 * them when the port has been created (actually, when the connection
+	 * has been made, as we may need to create the port several times).
+	 */
+	PRIV_END;
 
 #ifdef HAVE_SETRLIMIT
 	/* If we are installed setuid root be careful to not drop core. */
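Review bot: The comment moved above `PRIV_END` still says the drop lasts "for the duration of option processing", but at its new position the bracket also covers the `HAVE_SETRLIMIT` block and the code down to `pw = pwcopy(pw);` in the next hunk, so it no longer explains why the drop sits here. I would add a sentence to it such as `Do this immediately after saving the uids so that no later setup code runs with the setuid effective uid.` The definition of `PRIV_END` is not part of this diff; if it does not check the result of the uid swap, a failed swap would now go unnoticed across a larger part of the function, which is worth confirming. The added line just above the comment is `+ ` with a stray space rather than an empty line. The enclosing function starts and ends outside the hunk.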
@@ -248,15 +257,6 @@
 	pw = pwcopy(pw);
 
 	/*
-	 * Use uid-swapping to give up root privileges for the duration of
-	 * option processing.  We will re-instantiate the rights when we are
-	 * ready to create the privileged port, and will permanently drop
-	 * them when the port has been created (actually, when the connection
-	 * has been made, as we may need to create the port several times).
-	 */
-	PRIV_END;
-
-	/*
 	 * Set our umask to something reasonable, as some files are created
 	 * with the default umask.  This will make them world-readable but
 	 * writable only by the owner, which is ok for all files for which we