diff options
| author | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-04 21:59:44 +0000 |
|---|---|---|
| committer | Markus Friedl <markus@cvs.openbsd.org> | 2001-06-04 21:59:44 +0000 |
| commit | f02fdd54e6095dd556a492756e38bc418d34ebc8 (patch) | |
| tree | 86793d1ad7d3981d73df82446e2c315a5ade84a6 | |
| parent | 1c5a272718169d929a5b1a6f01372595357c52e8 (diff) | |
switch uid when cleaning up tmp files and sockets; reported by zen-parse@gmx.net on bugtraq
| -rw-r--r-- | usr.bin/ssh/channels.c | 12 | ||||
| -rw-r--r-- | usr.bin/ssh/channels.h | 4 | ||||
| -rw-r--r-- | usr.bin/ssh/session.c | 21 |
3 files changed, 22 insertions, 15 deletions
diff --git a/usr.bin/ssh/channels.c b/usr.bin/ssh/channels.c index e87348881b3..a7f83f60459 100644 --- a/usr.bin/ssh/channels.c +++ b/usr.bin/ssh/channels.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.122 2001/06/03 14:55:38 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.123 2001/06/04 21:59:42 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -2720,12 +2720,16 @@ auth_get_socket_name() /* removes the agent forwarding socket */ void -auth_sock_cleanup_proc(void *ignored) +auth_sock_cleanup_proc(void *_pw) { + struct passwd *pw = _pw; + if (auth_sock_name) { + temporarily_use_uid(pw); unlink(auth_sock_name); rmdir(auth_sock_dir); auth_sock_name = NULL; + restore_uid(); } } @@ -2769,7 +2773,7 @@ auth_input_request_forwarding(struct passwd * pw) auth_sock_dir, (int) getpid()); /* delete agent socket on fatal() */ - fatal_add_cleanup(auth_sock_cleanup_proc, NULL); + fatal_add_cleanup(auth_sock_cleanup_proc, pw); /* Create the socket. */ sock = socket(AF_UNIX, SOCK_STREAM, 0); @@ -2799,7 +2803,7 @@ auth_input_request_forwarding(struct passwd * pw) 0, xstrdup("auth socket"), 1); if (nc == NULL) { error("auth_input_request_forwarding: channel_new failed"); - auth_sock_cleanup_proc(NULL); + auth_sock_cleanup_proc(pw); close(sock); return 0; } diff --git a/usr.bin/ssh/channels.h b/usr.bin/ssh/channels.h index c1815d58d62..3de9627ab99 100644 --- a/usr.bin/ssh/channels.h +++ b/usr.bin/ssh/channels.h @@ -32,7 +32,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -/* RCSID("$OpenBSD: channels.h,v 1.36 2001/06/03 14:55:39 markus Exp $"); */ +/* RCSID("$OpenBSD: channels.h,v 1.37 2001/06/04 21:59:42 markus Exp $"); */ #ifndef CHANNEL_H #define CHANNEL_H @@ -223,7 +223,7 @@ void deny_input_open(int type, int plen, void *ctxt); void auth_request_forwarding(void); char *auth_get_socket_name(void); -void auth_sock_cleanup_proc(void *ignored); +void auth_sock_cleanup_proc(void *pw); int auth_input_request_forwarding(struct passwd * pw); void auth_input_open_request(int type, int plen, void *ctxt); diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 9e9e891a173..e4e53b9f162 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -33,7 +33,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: session.c,v 1.79 2001/06/03 14:55:39 markus Exp $"); +RCSID("$OpenBSD: session.c,v 1.80 2001/06/04 21:59:43 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -94,7 +94,7 @@ void do_login(Session *s, const char *command); void do_child(Session *s, const char *command); void do_motd(void); int check_quietlogin(Session *s, const char *command); -void xauthfile_cleanup_proc(void *ignore); +void xauthfile_cleanup_proc(void *pw); void do_authenticated1(Authctxt *authctxt); void do_authenticated2(Authctxt *authctxt); @@ -157,21 +157,23 @@ do_authenticated(Authctxt *authctxt) /* remote user's local Xauthority file and agent socket */ if (xauthfile) - xauthfile_cleanup_proc(NULL); + xauthfile_cleanup_proc(authctxt->pw); if (auth_get_socket_name()) - auth_sock_cleanup_proc(NULL); + auth_sock_cleanup_proc(authctxt->pw); } /* * Remove local Xauthority file. */ void -xauthfile_cleanup_proc(void *ignore) +xauthfile_cleanup_proc(void *_pw) { - debug("xauthfile_cleanup_proc called"); + struct passwd *pw = _pw; + char *p; + debug("xauthfile_cleanup_proc called"); if (xauthfile != NULL) { - char *p; + temporarily_use_uid(pw); unlink(xauthfile); p = strrchr(xauthfile, '/'); if (p != NULL) { @@ -180,6 +182,7 @@ xauthfile_cleanup_proc(void *ignore) } xfree(xauthfile); xauthfile = NULL; + restore_uid(); } } @@ -356,7 +359,7 @@ do_authenticated1(Authctxt *authctxt) if (fd >= 0) close(fd); restore_uid(); - fatal_add_cleanup(xauthfile_cleanup_proc, NULL); + fatal_add_cleanup(xauthfile_cleanup_proc, s->pw); success = 1; break; @@ -1433,7 +1436,7 @@ session_x11_req(Session *s) if (fd >= 0) close(fd); restore_uid(); - fatal_add_cleanup(xauthfile_cleanup_proc, s); + fatal_add_cleanup(xauthfile_cleanup_proc, s->pw); return 1; } |