- markus@cvs.openbsd.org 2002/06/25 18:51:04
     [sshd.c]
     lightweight do_setusercontext after chroot()
diff --git a/ChangeLog b/ChangeLog
index 5f363d9..d3c7590 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,9 @@
    - markus@cvs.openbsd.org 2002/06/25 16:22:42
      [authfd.c]
      unnecessary cast
+   - markus@cvs.openbsd.org 2002/06/25 18:51:04
+     [sshd.c]
+     lightweight do_setusercontext after chroot()
 
 20020625
  - (stevesk) [INSTALL acconfig.h configure.ac defines.h] remove --with-rsh
@@ -1121,4 +1124,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2280 2002/06/25 23:22:54 mouring Exp $
+$Id: ChangeLog,v 1.2281 2002/06/25 23:24:18 mouring Exp $
diff --git a/sshd.c b/sshd.c
index 18df8ab..851fad4 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.250 2002/06/23 10:29:52 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -530,6 +530,7 @@
 privsep_preauth_child(void)
 {
 	u_int32_t rand[256];
+	gid_t gidset[2];
 	struct passwd *pw;
 	int i;
 
@@ -559,7 +560,17 @@
 	/* Drop our privileges */
 	debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
 	    (u_int)pw->pw_gid);
+#if 0
+	/* XXX not ready, to heavy after chroot */
 	do_setusercontext(pw);
+#else
+	gidset[0] = pw->pw_gid;
+	if (setgid(pw->pw_gid) < 0)
+		fatal("setgid failed for %u", pw->pw_gid );
+	if (setgroups(1, gidset) < 0)
+		fatal("setgroups: %.100s", strerror(errno));
+	permanently_set_uid(pw);
+#endif
 }
 
 static Authctxt*
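Review bot: In the `#else` branch, `fatal("setgid failed for %u", pw->pw_gid );` passes a `gid_t` to `%u` without the `(u_int)` cast used by the `debug3` call just above, and unlike the `setgroups` failure path it does not report `errno`; I would write `fatal("setgid failed for %u: %.100s", (u_int)pw->pw_gid, strerror(errno));`. Since this is the privilege drop for the pre-auth child, the ordering deserves a comment such as `/* reset groups while still privileged; must come before permanently_set_uid() */` so a later edit does not move the calls. Only `gidset[0]` is used, so the declaration added in the previous hunk could be `gid_t gidset[1];`. The `XXX` comment has a typo (`to heavy` for `too heavy`) and would be more useful if it said what makes `do_setusercontext()` unsuitable after `chroot()`. The body of `privsep_preauth_child` starts outside this hunk, so whether `permanently_set_uid()` repeats the `setgid` cannot be judged from here.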