summaryrefslogtreecommitdiff
path: root/usr.bin/ssh
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2006-06-06 10:20:21 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2006-06-06 10:20:21 +0000
commitcfcb171be097885fc7415a5acf1c729b28e12727 (patch)
treec2a921d07ff5415a1305cde6d8dced565dbe6547 /usr.bin/ssh
parentba63599c37a7eccd0d583fab1edc058e8cf2f251 (diff)
replace remaining setuid() calls with permanently_set_uid() and
check seteuid() return values; report Marcus Meissner; ok dtucker djm
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r--usr.bin/ssh/readpass.c6
-rw-r--r--usr.bin/ssh/sshconnect.c5
-rw-r--r--usr.bin/ssh/sshconnect.h22
-rw-r--r--usr.bin/ssh/sshconnect2.c6
-rw-r--r--usr.bin/ssh/uidswap.c4
5 files changed, 24 insertions, 19 deletions
diff --git a/usr.bin/ssh/readpass.c b/usr.bin/ssh/readpass.c
index 05264d893c9..02cf8a94688 100644
--- a/usr.bin/ssh/readpass.c
+++ b/usr.bin/ssh/readpass.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readpass.c,v 1.37 2006/03/25 13:17:02 djm Exp $ */
+/* $OpenBSD: readpass.c,v 1.38 2006/06/06 10:20:20 markus Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
@@ -36,6 +36,7 @@
#include "pathnames.h"
#include "log.h"
#include "ssh.h"
+#include "uidswap.h"
static char *
ssh_askpass(char *askpass, const char *msg)
@@ -59,8 +60,7 @@ ssh_askpass(char *askpass, const char *msg)
return NULL;
}
if (pid == 0) {
- seteuid(getuid());
- setuid(getuid());
+ permanently_set_uid(getpwuid(getuid()));
close(p[0]);
if (dup2(p[1], STDOUT_FILENO) < 0)
fatal("ssh_askpass: dup2: %s", strerror(errno));
diff --git a/usr.bin/ssh/sshconnect.c b/usr.bin/ssh/sshconnect.c
index 2a7d5417015..bcb5e94457d 100644
--- a/usr.bin/ssh/sshconnect.c
+++ b/usr.bin/ssh/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.182 2006/05/17 12:43:34 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.183 2006/06/06 10:20:20 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -91,8 +91,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
char *argv[10];
/* Child. Permanently give up superuser privileges. */
- seteuid(original_real_uid);
- setuid(original_real_uid);
+ permanently_set_uid(getpwuid(original_real_uid));
/* Redirect stdin and stdout. */
close(pin[1]);
diff --git a/usr.bin/ssh/sshconnect.h b/usr.bin/ssh/sshconnect.h
index 3786ba56ee0..692d2756753 100644
--- a/usr.bin/ssh/sshconnect.h
+++ b/usr.bin/ssh/sshconnect.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.h,v 1.19 2006/03/25 22:22:43 djm Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.20 2006/06/06 10:20:20 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
@@ -54,16 +54,20 @@ int ssh_local_cmd(const char *);
/*
* Macros to raise/lower permissions.
*/
-#define PRIV_START do { \
- int save_errno = errno; \
- (void)seteuid(original_effective_uid); \
- errno = save_errno; \
+#define PRIV_START do { \
+ int save_errno = errno; \
+ if (seteuid(original_effective_uid) != 0) \
+ fatal("PRIV_START: seteuid: %s", \
+ strerror(errno)); \
+ errno = save_errno; \
} while (0)
-#define PRIV_END do { \
- int save_errno = errno; \
- (void)seteuid(original_real_uid); \
- errno = save_errno; \
+#define PRIV_END do { \
+ int save_errno = errno; \
+ if (seteuid(original_real_uid) != 0) \
+ fatal("PRIV_END: seteuid: %s", \
+ strerror(errno)); \
+ errno = save_errno; \
} while (0)
#endif
diff --git a/usr.bin/ssh/sshconnect2.c b/usr.bin/ssh/sshconnect2.c
index fef0d52b177..16ab3d0f052 100644
--- a/usr.bin/ssh/sshconnect2.c
+++ b/usr.bin/ssh/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.153 2006/05/08 10:49:48 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.154 2006/06/06 10:20:20 markus Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -52,6 +52,7 @@
#include "canohost.h"
#include "msg.h"
#include "pathnames.h"
+#include "uidswap.h"
#ifdef GSSAPI
#include "ssh-gss.h"
@@ -1251,8 +1252,7 @@ ssh_keysign(Key *key, u_char **sigp, u_int *lenp,
return -1;
}
if (pid == 0) {
- seteuid(getuid());
- setuid(getuid());
+ permanently_set_uid(getpwuid(getuid()));
close(from[0]);
if (dup2(from[1], STDOUT_FILENO) < 0)
fatal("ssh_keysign: dup2: %s", strerror(errno));
diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c
index 5891b71d4bd..75a1d7cb467 100644
--- a/usr.bin/ssh/uidswap.c
+++ b/usr.bin/ssh/uidswap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */
+/* $OpenBSD: uidswap.c,v 1.28 2006/06/06 10:20:20 markus Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -111,6 +111,8 @@ restore_uid(void)
void
permanently_set_uid(struct passwd *pw)
{
+ if (pw == NULL)
+ fatal("permanently_set_uid: no user given");
if (temporarily_use_uid_effective)
fatal("permanently_set_uid: temporarily_use_uid effective");
debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,