diff options
author | Markus Friedl <markus@cvs.openbsd.org> | 2006-06-06 10:20:21 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2006-06-06 10:20:21 +0000 |
commit | cfcb171be097885fc7415a5acf1c729b28e12727 (patch) | |
tree | c2a921d07ff5415a1305cde6d8dced565dbe6547 /usr.bin/ssh | |
parent | ba63599c37a7eccd0d583fab1edc058e8cf2f251 (diff) |
replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/readpass.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.c | 5 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect.h | 22 | ||||
-rw-r--r-- | usr.bin/ssh/sshconnect2.c | 6 | ||||
-rw-r--r-- | usr.bin/ssh/uidswap.c | 4 |
5 files changed, 24 insertions, 19 deletions
diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c index 05264d893c9..02cf8a94688 100644 --- a/usr.bin/ssh/readpass.c +++ b/usr.bin/ssh/readpass.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readpass.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */ +/* $OpenBSD: readpass.c,v 1.38 2006/06/06 10:20:20 markus Exp $ */ /* * Copyright (c) 2001 Markus Friedl. All rights reserved. * @@ -36,6 +36,7 @@ #include "pathnames.h" #include "log.h" #include "ssh.h" +#include "uidswap.h" static char * ssh_askpass(char *askpass, const char *msg) @@ -59,8 +60,7 @@ ssh_askpass(char *askpass, const char *msg) return NULL; } if (pid == 0) { - seteuid(getuid()); - setuid(getuid()); + permanently_set_uid(getpwuid(getuid())); close(p[0]); if (dup2(p[1], STDOUT_FILENO) < 0) fatal("ssh_askpass: dup2: %s", strerror(errno)); diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c index 2a7d5417015..bcb5e94457d 100644 --- a/usr.bin/ssh/sshconnect.c +++ b/usr.bin/ssh/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.182 2006/05/17 12:43:34 markus Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -91,8 +91,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) char *argv[10]; /* Child. Permanently give up superuser privileges. */ - seteuid(original_real_uid); - setuid(original_real_uid); + permanently_set_uid(getpwuid(original_real_uid)); /* Redirect stdin and stdout. */ close(pin[1]); diff --git a/usr.bin/ssh/sshconnect.h b/usr.bin/ssh/sshconnect.h index 3786ba56ee0..692d2756753 100644 --- a/usr.bin/ssh/sshconnect.h +++ b/usr.bin/ssh/sshconnect.h @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.h,v 1.19 2006/03/25 22:22:43 djm Exp $ */ +/* $OpenBSD: sshconnect.h,v 1.20 2006/06/06 10:20:20 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. @@ -54,16 +54,20 @@ int ssh_local_cmd(const char *); /* * Macros to raise/lower permissions. */ -#define PRIV_START do { \ - int save_errno = errno; \ - (void)seteuid(original_effective_uid); \ - errno = save_errno; \ +#define PRIV_START do { \ + int save_errno = errno; \ + if (seteuid(original_effective_uid) != 0) \ + fatal("PRIV_START: seteuid: %s", \ + strerror(errno)); \ + errno = save_errno; \ } while (0) -#define PRIV_END do { \ - int save_errno = errno; \ - (void)seteuid(original_real_uid); \ - errno = save_errno; \ +#define PRIV_END do { \ + int save_errno = errno; \ + if (seteuid(original_real_uid) != 0) \ + fatal("PRIV_END: seteuid: %s", \ + strerror(errno)); \ + errno = save_errno; \ } while (0) #endif diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c index fef0d52b177..16ab3d0f052 100644 --- a/usr.bin/ssh/sshconnect2.c +++ b/usr.bin/ssh/sshconnect2.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */ +/* $OpenBSD: sshconnect2.c,v 1.154 2006/06/06 10:20:20 markus Exp $ */ /* * Copyright (c) 2000 Markus Friedl. All rights reserved. * @@ -52,6 +52,7 @@ #include "canohost.h" #include "msg.h" #include "pathnames.h" +#include "uidswap.h" #ifdef GSSAPI #include "ssh-gss.h" @@ -1251,8 +1252,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp, return -1; } if (pid == 0) { - seteuid(getuid()); - setuid(getuid()); + permanently_set_uid(getpwuid(getuid())); close(from[0]); if (dup2(from[1], STDOUT_FILENO) < 0) fatal("ssh_keysign: dup2: %s", strerror(errno)); diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c index 5891b71d4bd..75a1d7cb467 100644 --- a/usr.bin/ssh/uidswap.c +++ b/usr.bin/ssh/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */ +/* $OpenBSD: uidswap.c,v 1.28 2006/06/06 10:20:20 markus Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -111,6 +111,8 @@ restore_uid(void) void permanently_set_uid(struct passwd *pw) { + if (pw == NULL) + fatal("permanently_set_uid: no user given"); if (temporarily_use_uid_effective) fatal("permanently_set_uid: temporarily_use_uid effective"); debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid, |