author | Darren Tucker <dtucker@cvs.openbsd.org> | 2018-07-18 11:34:06 +0000 |
---|---|---|
committer | Darren Tucker <dtucker@cvs.openbsd.org> | 2018-07-18 11:34:06 +0000 |
commit | aa74b5d8ec77199ae38087d51bb58d0a39129d92 (patch) | |
tree | c7bc9b9af14d8322e8f553e9ac60e72c8323619d /usr.bin/ssh/sshconnect.c | |
parent | 9d185f1bada9334334f6ece8016aa0a7f8be84b5 (diff) |
Remove support for running ssh(1) setuid and fatal if attempted.
Do not link uidswap.c into ssh any more. Neuters UsePrivilegedPort,
which will be marked as deprecated shortly. ok markus@ djm@
Diffstat (limited to 'usr.bin/ssh/sshconnect.c')
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 28 |
1 files changed, 3 insertions, 25 deletions
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 6c818910978..f3a6718de63 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.300 2018/07/11 18:53:29 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.301 2018/07/18 11:34:04 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -40,7 +40,6 @@ #include "ssh.h" #include "sshbuf.h" #include "packet.h" -#include "uidswap.h" #include "compat.h" #include "sshkey.h" #include "sshconnect.h" @@ -117,9 +116,6 @@ ssh_proxy_fdpass_connect(struct ssh *ssh, const char *host, u_short port, if ((pid = fork()) == 0) { char *argv[10]; - /* Child. Permanently give up superuser privileges. */ - permanently_drop_suid(original_real_uid); - close(sp[1]); /* Redirect stdin and stdout. */ if (sp[0] != 0) { @@ -199,9 +195,6 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, u_short port, if ((pid = fork()) == 0) { char *argv[10]; - /* Child. Permanently give up superuser privileges. */ - permanently_drop_suid(original_real_uid); - /* Redirect stdin and stdout. */ close(pin[1]); if (pin[0] != 0) { @@ -327,7 +320,7 @@ check_ifaddrs(const char *ifname, int af, const struct ifaddrs *ifaddrs, static int ssh_create_socket(int privileged, struct addrinfo *ai) { - int sock, r, oerrno; + int sock, r; struct sockaddr_storage bindaddr; socklen_t bindaddrlen = 0; struct addrinfo hints, *res = NULL; 
@@ -388,22 +381,7 @@ ssh_create_socket(int privileged, struct addrinfo *ai)
 ssh_gai_strerror(r));
 goto fail;
 }
- /*
- * If we are running as root and want to connect to a privileged
- * port, bind our own socket to a privileged port.
- */
- if (privileged) {
- PRIV_START;
- r = bindresvport_sa(sock,
- bindaddrlen == 0 ? NULL : (struct sockaddr *)&bindaddr);
- oerrno = errno;
- PRIV_END;
- if (r < 0) {
- error("bindresvport_sa %s: %s", ntop,
- strerror(oerrno));
- goto fail;
- }
- } else if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
+ if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
 error("bind %s: %s", ntop, strerror(errno));
 goto fail;
 } |
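Review bot: The now-unconditional `bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen)` at the end of this hunk loses the `bindaddrlen == 0 ? NULL : ...` handling that the removed `bindresvport_sa()` branch carried, and `privileged` is no longer read in the visible part of `ssh_create_socket()`. If a caller can still pass a non-zero `privileged` with no bind address or interface configured (the code that fills `bindaddr` lies outside the hunk, so this is inferred), bind() would be handed a zero-length address, and a neutered UsePrivilegedPort would likely become a connection failure rather than being ignored. Guarding the call, e.g. `if (bindaddrlen != 0 && bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {`, or removing the parameter together with its callers, would make the intended behaviour explicit. The function starts before and continues after this hunk.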