From bc174eaf4721cb1e0c3715b8a356daa27f84c3f1 Mon Sep 17 00:00:00 2001
From: Markus Friedl
Date: Tue, 10 Sep 2002 20:24:48 +0000
Subject: check the euid of the connecting process with getpeereid(2); ok provos deraadt stevesk
---
 usr.bin/ssh/ssh-agent.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)
(limited to 'usr.bin/ssh/ssh-agent.c')
diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index bcfc8b91b80..e53f868485f 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -35,7 +35,7 @@
 #include "includes.h"
 #include
-RCSID("$OpenBSD: ssh-agent.c,v 1.102 2002/08/22 20:57:19 stevesk Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.103 2002/09/10 20:24:47 markus Exp $");
 #include
 #include
@@ -806,6 +806,8 @@ after_select(fd_set *readset, fd_set *writeset)
 char buf[1024];
 int len, sock;
 u_int i;
+ uid_t euid;
+ gid_t egid;
 for (i = 0; i < sockets_alloc; i++)
 switch (sockets[i].type) {
@@ -821,6 +823,19 @@ after_select(fd_set *readset, fd_set *writeset)
 strerror(errno));
 break;
 }
+ if (getpeereid(sock, &euid, &egid) < 0) {
+ error("getpeereid %d failed: %s",
+ sock, strerror(errno));
+ close(sock);
+ break;
+ }
+ if (getuid() != euid) {
+ error("uid mismatch: "
+ "peer euid %d != uid %d",
+ (int) euid, (int) getuid());
+ close(sock);
+ break;
+ }
 new_socket(AUTH_CONNECTION, sock);
 }
 break;
-- cgit v1.2.3
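Review bot: The `uid mismatch` message in the last hunk prints both ids with `%d` after casting to `int`, but uid_t is an unsigned type on OpenBSD, so a large uid would be logged as a negative number in the very record an operator reads when a connection is refused; `"peer euid %u != uid %u", (u_int) euid, (u_int) getuid());` keeps the log faithful. The check itself carries no comment, and a line such as `/* accept only peers whose effective uid matches our own uid */` above the `getpeereid()` call would record that this is an access-control decision rather than error handling. `egid` (declared in the second hunk) is filled in only because getpeereid(2) requires the argument and is never compared, which is worth stating in that comment as well. after_select() begins before and continues past these hunks, so how the rest of the accept path handles `sock` is not visible here.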