summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>1999-11-15 21:05:04 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>1999-11-15 21:05:04 +0000
commitb1e532966746d4ea774c56b6f88b594fa32f54da (patch)
tree2298937ad3689779e54647b7daa830e5bb2b78f0 /usr.bin
parent2f60357340da0acfa9d5bcd18b1e49f2a1d46761 (diff)
a note for legay systems about secuity issues with permanently_set_uid(),
the private hostkey and ptrace()
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/ssh.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index 6725ae0010b..97315254f35 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.29 1999/11/14 21:45:07 markus Exp $");
+RCSID("$Id: ssh.c,v 1.30 1999/11/15 21:05:03 markus Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -550,6 +550,13 @@ main(int ac, char **av)
them. Also, extra privileges could make it very hard to read identity
files and other non-world-readable files from the user's home directory
if it happens to be on a NFS volume where root is mapped to nobody. */
+
+ /* Note that some legacy systems need to postpone the following call to
+ permanently_set_uid() until the private hostkey is destroyed with
+ RSA_free(). Otherwise the calling user could ptrace() the process,
+ read the private hostkey and impersonate the host. OpenBSD does not
+ allow ptracing of setuid processes. */
+
permanently_set_uid(original_real_uid);
/* Now that we are back to our own permissions, create ~/.ssh directory