author | Markus Friedl <markus@cvs.openbsd.org> | 2002-09-10 20:24:48 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2002-09-10 20:24:48 +0000 |
commit | bc174eaf4721cb1e0c3715b8a356daa27f84c3f1 (patch) | |
tree | 1bd90437c53c183438b17ed9609d768e5e24a739 /usr.bin | |
parent | 352be5920f09fc079ddc25d171285aae3edc3d38 (diff) |
check the euid of the connecting process with getpeereid(2); ok provos deraadt stevesk
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/ssh-agent.c | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index bcfc8b91b80..e53f868485f 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -35,7 +35,7 @@
 #include "includes.h"
 #include <sys/queue.h>
-RCSID("$OpenBSD: ssh-agent.c,v 1.102 2002/08/22 20:57:19 stevesk Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.103 2002/09/10 20:24:47 markus Exp $");
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -806,6 +806,8 @@ after_select(fd_set *readset, fd_set *writeset)
 char buf[1024];
 int len, sock;
 u_int i;
+ uid_t euid;
+ gid_t egid;
 for (i = 0; i < sockets_alloc; i++)
 switch (sockets[i].type) {
@@ -821,6 +823,19 @@ after_select(fd_set *readset, fd_set *writeset)
 strerror(errno));
 break;
 }
+ if (getpeereid(sock, &euid, &egid) < 0) {
+ error("getpeereid %d failed: %s",
+ sock, strerror(errno));
+ close(sock);
+ break;
+ }
+ if (getuid() != euid) {
+ error("uid mismatch: "
+ "peer euid %d != uid %d",
+ (int) euid, (int) getuid());
+ close(sock);
+ break;
+ }
 new_socket(AUTH_CONNECTION, sock);
 }
 break; |
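Review bot: The mismatch log in the new `getuid() != euid` branch casts both ids to `int` and prints them with `%d`, so where uid_t is unsigned a uid above INT_MAX would be logged as a negative number; `"peer euid %u != uid %u", (u_int) euid, (u_int) getuid());` keeps the logged value faithful for anyone auditing rejected connections. The check is an access-control decision and carries no comment: something like `/* accept only peers running with our own uid; egid is required by getpeereid(2) but not checked */` above the first `if` would record that `egid` is deliberately unused and that a peer with euid 0 is rejected as well when the agent runs as an ordinary user. after_select's body starts and ends outside the hunk.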