[Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful

bugzilla-daemon at mindrot.org
Fri Sep 26 00:05:07 EST 2003


http://bugzilla.mindrot.org/show_bug.cgi?id=715

           Summary: usage of BROKEN_SETREUID/BROKEN_SETREGID considered
                    harmful
           Product: Portable OpenSSH
           Version: -current
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Build system
        AssignedTo: openssh-bugs at mindrot.org
        ReportedBy: Robert.Dahlem at siemens.com


3.7.1p1 introduced BROKEN_SETREUID/BROKEN_SETREGID and requires each and every
OS to have AC_DEFINE(BROKEN_SETREUID)/AC_DEFINE(BROKEN_SETREGID) in
configure.ac, otherwise - if setreuid() is indeed broken - this will break sshd
for non-root users (disconnect, "fatal: : was able to restore old [e]uid"), see
bug #649 (IRIX), #653 (Tru64), #665 (Mac OS X) and others.

OpenSSH should not depend on untested decisions ("OS x needs
BROKEN_SETREUID/BROKEN_SETREGID, OS y does not need") but instead check if the
functions are broken and consider them broken until the opposite is proven, i.e.:

#include <stdlib.h>
#include <unistd.h>

int
main(void)
{
        if (geteuid() != 0)     /* make sure we're root */
                exit(1);        /* otherwise declare setreuid() broken */
        setreuid(1, 1);         /* try to lose UID 0 */
        setuid(0);              /* try to regain UID 0, must fail */
        if (geteuid() == 0)     /* if we're root again */
                exit(1);        /* setreuid() is broken */
        exit(0);                /* setreuid() is ok */
}
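
The check proposed in the report, carried further as an added example (not code from the report or from OpenSSH): it runs in a forked child so the caller keeps its own ids, checks the return value of setreuid(), and verifies both the real and the effective uid after trying setuid(0) and seteuid(0). The names probe_setreuid(), child_probe() and the PROBE_* values are hypothetical; a caller following the report's rule would treat PROBE_SKIPPED the same as PROBE_BROKEN.

```c
/* Added example: probe whether setreuid() drops root irrevocably. */
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_result { PROBE_OK = 0, PROBE_BROKEN = 1, PROBE_SKIPPED = 2 };

/* Runs in the child only: drop to `uid`, then try every way back to root. */
static int
child_probe(uid_t uid)
{
	if (setreuid(uid, uid) == -1)
		return PROBE_BROKEN;		/* could not drop at all */
	if (getuid() != uid || geteuid() != uid)
		return PROBE_BROKEN;		/* call "succeeded" but ids are wrong */
	/* A leftover saved uid of 0 would let either call succeed. */
	if (setuid(0) != -1 || seteuid(0) != -1)
		return PROBE_BROKEN;
	if (getuid() == 0 || geteuid() == 0)
		return PROBE_BROKEN;		/* root again: drop was reversible */
	return PROBE_OK;
}

/*
 * probe_setreuid() is a hypothetical helper name. `uid` is any non-zero
 * uid (the report uses 1). The test forks so the caller keeps its ids.
 */
int
probe_setreuid(uid_t uid)
{
	int status;
	pid_t pid;

	if (uid == 0 || geteuid() != 0)
		return PROBE_SKIPPED;		/* only root can run the test */
	if ((pid = fork()) == -1)
		return PROBE_SKIPPED;
	if (pid == 0)
		_exit(child_probe(uid));
	if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
		return PROBE_BROKEN;		/* unproven, so treat as broken */
	return WEXITSTATUS(status) == PROBE_OK ? PROBE_OK : PROBE_BROKEN;
}

int
main(void)
{
	return probe_setreuid(1);
}
```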
