- markus@cvs.openbsd.org 2002/08/12 10:46:35
[ssh-agent.c]
make ssh-agent setgid, disallow ptrace.
(note: change not yet made in Makefile)
diff --git a/ChangeLog b/ChangeLog
index e748108..42f09d7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20020903
+ - (djm) OpenBSD CVS Sync
+ - markus@cvs.openbsd.org 2002/08/12 10:46:35
+ [ssh-agent.c]
+ make ssh-agent setgid, disallow ptrace.
+
20020820
- OpenBSD CVS Sync
- millert@cvs.openbsd.org 2002/08/02 14:43:15
@@ -1538,4 +1544,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2426 2002/08/21 02:54:11 mouring Exp $
+$Id: ChangeLog,v 1.2427 2002/09/04 06:20:26 djm Exp $
diff --git a/ssh-agent.c b/ssh-agent.c
index 1f21cbc..0615889 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
#include "includes.h"
#include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.98 2002/07/21 18:07:45 stevesk Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.99 2002/08/12 10:46:35 markus Exp $");
#include <openssl/evp.h>
#include <openssl/md5.h>
@@ -943,6 +943,10 @@
pid_t pid;
char pidstrbuf[1 + 3 * sizeof pid];
+ /* drop */
+ setegid(getgid());
+ setgid(getgid());
+
SSLeay_add_all_algorithms();
__progname = get_progname(av[0]);