- markus@cvs.openbsd.org 2006/06/06 10:20:20
     [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
     replace remaining setuid() calls with permanently_set_uid() and
     check seteuid() return values; report Marcus Meissner; ok dtucker djm
diff --git a/ChangeLog b/ChangeLog
index 7dfcb45..7c30a33 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -38,6 +38,10 @@
      [sshd.c]
      call get_remote_ipaddr() early; fixes logging after client disconnects;
      report mpf@; ok dtucker@
+   - markus@cvs.openbsd.org 2006/06/06 10:20:20
+     [readpass.c sshconnect.c sshconnect.h sshconnect2.c uidswap.c]
+     replace remaining setuid() calls with permanently_set_uid() and
+     check seteuid() return values; report Marcus Meissner; ok dtucker djm
 
 20060521
  - (dtucker) [auth.c monitor.c] Now that we don't log from both the monitor
@@ -4671,4 +4675,4 @@
    - (djm) Trim deprecated options from INSTALL. Mention UsePAM
    - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu
 
-$Id: ChangeLog,v 1.4340 2006/06/13 03:03:53 djm Exp $
+$Id: ChangeLog,v 1.4341 2006/06/13 03:05:15 djm Exp $
diff --git a/readpass.c b/readpass.c
index c3d36a0..60e4a90 100644
--- a/readpass.c
+++ b/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.38 2006/06/06 10:20:20 markus Exp $ */
 /*
  * Copyright (c) 2001 Markus Friedl.  All rights reserved.
  *
@@ -37,6 +37,7 @@
 #include "pathnames.h"
 #include "log.h"
 #include "ssh.h"
+#include "uidswap.h"
 
 static char *
 ssh_askpass(char *askpass, const char *msg)
@@ -60,8 +61,7 @@
 		return NULL;
 	}
 	if (pid == 0) {
-		seteuid(getuid());
-		setuid(getuid());
+		permanently_set_uid(getpwuid(getuid()));
 		close(p[0]);
 		if (dup2(p[1], STDOUT_FILENO) < 0)
 			fatal("ssh_askpass: dup2: %s", strerror(errno));
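Review bot: A failed passwd lookup in the ssh_askpass child is now reported only as `permanently_set_uid: no user given`, because the result of `getpwuid(getuid())` is passed straight through and the NULL is caught inside uidswap.c. Failing closed is the right outcome, but the message names neither the caller nor the uid, which makes an NSS or directory outage hard to diagnose. Consider checking at the call site with `if ((pw = getpwuid(getuid())) == NULL)` and `fatal("ssh_askpass: getpwuid(%u) failed", (u_int)getuid());` before calling `permanently_set_uid(pw);`. The same pattern appears in the sshconnect.c and sshconnect2.c hunks. The body of ssh_askpass starts and ends outside this hunk.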
diff --git a/sshconnect.c b/sshconnect.c
index e855f19..41ad82f 100644
--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.182 2006/05/17 12:43:34 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -97,8 +97,7 @@
 		char *argv[10];
 
 		/* Child.  Permanently give up superuser privileges. */
-		seteuid(original_real_uid);
-		setuid(original_real_uid);
+		permanently_set_uid(getpwuid(original_real_uid));
 
 		/* Redirect stdin and stdout. */
 		close(pin[1]);
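Review bot: The replacement call may change more than the uid for the proxy child, and the existing comment `/* Child.  Permanently give up superuser privileges. */` does not say so. The removed `seteuid()`/`setuid()` pair touched only the uid, while `permanently_set_uid()` takes a whole passwd entry and, judging by the `%u/%u` debug line visible in the uidswap.c hunk, presumably also resets the gid from `pw->pw_gid`; its body is not shown, so please confirm. If it does, a user who started ssh under a different group would have the child run with the passwd primary group instead, and the same would apply to the readpass.c and sshconnect2.c call sites. If that is intended, say it in the comment, e.g. `/* Child.  Permanently drop to the invoking user's uid and passwd gid. */`. The enclosing function continues outside this hunk.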
diff --git a/sshconnect.h b/sshconnect.h
index 3786ba5..692d275 100644
--- a/sshconnect.h
+++ b/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.19 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.20 2006/06/06 10:20:20 markus Exp $ */
 
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
@@ -54,16 +54,20 @@
 /*
  * Macros to raise/lower permissions.
  */
-#define PRIV_START do {				\
-	int save_errno = errno;			\
-	(void)seteuid(original_effective_uid);	\
-	errno = save_errno;			\
+#define PRIV_START do {					\
+	int save_errno = errno;				\
+	if (seteuid(original_effective_uid) != 0)	\
+		fatal("PRIV_START: seteuid: %s",	\
+		    strerror(errno));			\
+	errno = save_errno;				\
 } while (0)
 
-#define PRIV_END do {				\
-	int save_errno = errno;			\
-	(void)seteuid(original_real_uid);	\
-	errno = save_errno;			\
+#define PRIV_END do {					\
+	int save_errno = errno;				\
+	if (seteuid(original_real_uid) != 0)		\
+		fatal("PRIV_END: seteuid: %s",		\
+		    strerror(errno));			\
+	errno = save_errno;				\
 } while (0)
 
 #endif
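Review bot: The comment above PRIV_START/PRIV_END still reads only `Macros to raise/lower permissions.`, although both macros now terminate the process when `seteuid()` fails. Callers should know that a failure to drop back in PRIV_END is fatal rather than silently leaving the effective uid raised. The macros also now expand to `fatal()` and `strerror()`, so every file using them needs `log.h` and `<string.h>` in scope; whether sshconnect.h includes these itself is not visible in this hunk. Suggested wording: `/* Macros to raise/lower the effective uid. Both call fatal() if seteuid() fails; users must include "log.h" and <string.h>. */`.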
diff --git a/sshconnect2.c b/sshconnect2.c
index 53cf257..c97738c 100644
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.154 2006/06/06 10:20:20 markus Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  *
@@ -53,6 +53,7 @@
 #include "canohost.h"
 #include "msg.h"
 #include "pathnames.h"
+#include "uidswap.h"
 
 #ifdef GSSAPI
 #include "ssh-gss.h"
@@ -1252,8 +1253,7 @@
 		return -1;
 	}
 	if (pid == 0) {
-		seteuid(getuid());
-		setuid(getuid());
+		permanently_set_uid(getpwuid(getuid()));
 		close(from[0]);
 		if (dup2(from[1], STDOUT_FILENO) < 0)
 			fatal("ssh_keysign: dup2: %s", strerror(errno));
diff --git a/uidswap.c b/uidswap.c
index 6dc1680..ba2d209 100644
--- a/uidswap.c
+++ b/uidswap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */
+/* $OpenBSD: uidswap.c,v 1.28 2006/06/06 10:20:20 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -169,6 +169,8 @@
 	uid_t old_uid = getuid();
 	gid_t old_gid = getgid();
 
+	if (pw == NULL)
+		fatal("permanently_set_uid: no user given");
 	if (temporarily_use_uid_effective)
 		fatal("permanently_set_uid: temporarily_use_uid effective");
 	debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,