diff options
author | Kevin Steves <stevesk@cvs.openbsd.org> | 2002-08-29 19:49:43 +0000 |
---|---|---|
committer | Kevin Steves <stevesk@cvs.openbsd.org> | 2002-08-29 19:49:43 +0000 |
commit | 6c07ad53fb77decd44e8e6e1929c2d8fc19c8c0f (patch) | |
tree | a22e62e993698950860579cc9ed0b03e5d763c2f | |
parent | 36fcc458cd85159260ba1b0cd7d01b02012f3589 (diff) |
shrink initial privilege bracket for setuid case; ok markus@
-rw-r--r-- | usr.bin/ssh/ssh.c | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index c55bdba0dae..1994f05f07f 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: ssh.c,v 1.183 2002/08/29 16:02:54 stevesk Exp $"); +RCSID("$OpenBSD: ssh.c,v 1.184 2002/08/29 19:49:42 stevesk Exp $"); #include <openssl/evp.h> #include <openssl/err.h> @@ -218,6 +218,15 @@ main(int ac, char **av) original_real_uid = getuid(); original_effective_uid = geteuid(); + /* + * Use uid-swapping to give up root privileges for the duration of + * option processing. We will re-instantiate the rights when we are + * ready to create the privileged port, and will permanently drop + * them when the port has been created (actually, when the connection + * has been made, as we may need to create the port several times). + */ + PRIV_END; + /* If we are installed setuid root be careful to not drop core. */ if (original_real_uid != original_effective_uid) { struct rlimit rlim; @@ -235,15 +244,6 @@ main(int ac, char **av) pw = pwcopy(pw); /* - * Use uid-swapping to give up root privileges for the duration of - * option processing. We will re-instantiate the rights when we are - * ready to create the privileged port, and will permanently drop - * them when the port has been created (actually, when the connection - * has been made, as we may need to create the port several times). - */ - PRIV_END; - - /* * Set our umask to something reasonable, as some files are created * with the default umask. This will make them world-readable but * writable only by the owner, which is ok for all files for which we |