[Bug 715] usage of BROKEN_SETREUID/BROKEN_SETREGID considered harmful
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Sep 26 00:05:07 EST 2003
http://bugzilla.mindrot.org/show_bug.cgi?id=715
Summary: usage of BROKEN_SETREUID/BROKEN_SETREGID considered
harmful
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: All
Status: NEW
Severity: major
Priority: P2
Component: Build system
AssignedTo: openssh-bugs at mindrot.org
ReportedBy: Robert.Dahlem at siemens.com
3.7.1p1 introduced BROKEN_SETREUID/BROKEN_SETREGID and requires each and every
OS to have AC_DEFINE(BROKEN_SETREUID)/AC_DEFINE(BROKEN_SETREGID) in
configure.ac, otherwise - if setreuid() is indeed broken - this will break sshd
for non-root users (disconnect, "fatal: : was able to restore old [e]uid"), see
bug #649 (IRIX), #653 (Tru64), #665 (Mac OS X) and others.
OpenSSH should not depend on untested decisions ("OS x needs
BROKEN_SETREUID/BROKEN_SETREGID, OS y does not need") but instead check if the
functions are broken and consider them broken until the opposite is proven, i.e.:
if(geteuid() != 0) /* make sure we're root */
exit(1); /* otherwise declare setreuid() broken */
setreuid(1,1); /* try to lose UID 0 */
setuid(0); /* try to regain UID 0, must fail */
if(geteuid() != 0) /* if we're root again */
exit(1); /* setreuid() is broken */
exit(0); /* setreuid() is ok */
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
More information about the openssh-bugs
mailing list