author | Damien Miller <djm@cvs.openbsd.org> | 2006-04-22 04:06:52 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2006-04-22 04:06:52 +0000 |
commit | 36c4a7d6051918280f559f2d0a8704f831600d03 (patch) | |
tree | 5b14ce9093b96c7ad2c1ccb3b4ac18fe815f1f0f /usr.bin/ssh | |
parent | 122337ab3226c070b1553c4ebf575fb9b1954ce4 (diff) |
use setres[ug]id() to permanently revoke privileges; ok deraadt@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/uidswap.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/usr.bin/ssh/uidswap.c b/usr.bin/ssh/uidswap.c
index f1d3e4764ee..5891b71d4bd 100644
--- a/usr.bin/ssh/uidswap.c
+++ b/usr.bin/ssh/uidswap.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: uidswap.c,v 1.26 2006/03/25 13:17:03 djm Exp $ */
+/* $OpenBSD: uidswap.c,v 1.27 2006/04/22 04:06:51 djm Exp $ */
 /*
 * Author: Tatu Ylonen <ylo@cs.hut.fi>
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -115,12 +115,8 @@ permanently_set_uid(struct passwd *pw)
 fatal("permanently_set_uid: temporarily_use_uid effective");
 debug("permanently_set_uid: %u/%u", (u_int)pw->pw_uid,
 (u_int)pw->pw_gid);
- if (setegid(pw->pw_gid) < 0)
- fatal("setegid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
- if (setgid(pw->pw_gid) < 0)
- fatal("setgid %u: %.100s", (u_int)pw->pw_gid, strerror(errno));
- if (seteuid(pw->pw_uid) < 0)
- fatal("seteuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
- if (setuid(pw->pw_uid) < 0)
- fatal("setuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0)
+ fatal("setresgid %u: %s", (u_int)pw->pw_gid, strerror(errno));
+ if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
+ fatal("setresuid %u: %s", (u_int)pw->pw_uid, strerror(errno));
 } |
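Review bot: Nothing in the second hunk records that the two new calls are order-dependent: `setresgid()` has to run before `setresuid()`, because once the real, effective and saved uids all belong to the unprivileged user the process normally can no longer change its gids. A one-line comment above them would keep a later edit from swapping the calls, e.g. `/* Drop gid first; after setresuid() we lack the privilege to change it. */`. As defence in depth the function could also confirm the drop took effect before returning, e.g. `if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("permanently_set_uid: uid not dropped");`, with the matching check for the gid. Supplementary groups are not touched in the visible lines, and the function body starts above the hunk, so it is worth confirming whether they are reset earlier in the function or by its callers.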