authorMarkus Friedl <markus@cvs.openbsd.org>2002-06-25 18:51:05 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2002-06-25 18:51:05 +0000
commitd800ca201657c306cad1dc45e6aff49f2a092a89 (patch)
tree3b2e2188f92b8022b407952586a58f94c551e59a
parent13f7b30bebfeac8de71e91e20ea5429e80da1e4b (diff)
lightweight do_setusercontext after chroot()
-rw-r--r--usr.bin/ssh/sshd.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index a458e324dfd..3a561e7dac8 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.250 2002/06/23 10:29:52 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -517,6 +517,7 @@ static void
privsep_preauth_child(void)
{
u_int32_t rand[256];
+ gid_t gidset[2];
struct passwd *pw;
int i;
@@ -546,7 +547,17 @@ privsep_preauth_child(void)
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
+#if 0
+ /* XXX not ready, to heavy after chroot */
do_setusercontext(pw);
+#else
+ gidset[0] = pw->pw_gid;
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed for %u", pw->pw_gid );
+ if (setgroups(1, gidset) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
+ permanently_set_uid(pw);
+#endif
}
static Authctxt*
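Review bot: The `setgid` failure path in the `#else` branch reports less than the `setgroups` one right below it: it drops `errno`, and it passes `pw->pw_gid` to `%u` without the `(u_int)` cast that the `debug3` call a few lines up uses. I would write it as `fatal("setgid failed for %u: %.100s", (u_int)pw->pw_gid, strerror(errno));` so a failed privilege drop in the pre-auth child can be diagnosed from the log. Both group calls run before `permanently_set_uid(pw)`, presumably while the process still holds the privilege they need, but that function's body is not part of this diff, so it is worth confirming there that the uid change is verified as irreversible. `gidset` is declared with two elements in the earlier hunk while only `gidset[0]` is used; `gid_t gidset[1];` would match `setgroups(1, gidset)`. The start of `privsep_preauth_child` lies outside this hunk.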