SCO 5.0.5 question (username not known)
Damien Miller
djm at mindrot.org
Mon Feb 12 17:25:52 EST 2001
On Mon, 12 Feb 2001, Jim Knoble wrote:
> Circa 2001-Feb-11 00:37:45 +0100 dixit Gert Doering:
>
> : The system call required is "setluid(uid_t)", and should be done at the
> : place in sshd where the user ID is set, all root privileges are revoked,
> : and the user shell is "to be called". Caveat: if sshd is run from the
> : command line, like "make ; make install; sshd", setluid() will fail - but
> : there's nothing we can do, except recommend to run sshd only from
> : /etc/inittab (":once:" settings).
>
> Actually, what sshd probably wants to do is something like the following:
>
> #ifdef HAVE_SETLUID
>         if (-1 == getluid()) {
>                 setluid(my_uid);
>         }
> #else
> #ifdef HAVE_SETAUID
>         /* Similar stuff for Solaris or other systems with setauid(). */
> #endif
> #endif

Would it be possible for someone with access to one of these systems to
turn the above into a patch and test it?

You want to start in the do_child() function in session.c. Be careful,
there is a lot of OS-dependent stuff in that function.

If no one steps up, then I can create a patch, but I don't have ready
access to a C2 system and would thus be flying blind.

-d
--
| Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
| http://www.mindrot.org / distributed filesystem'' - Dan Geer
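
An added example, not part of the original message and not OpenSSH code: a helper that applies the getluid()/setluid() check quoted above, checks the result of setluid(), and reports a login UID that is already set to a different user. The prototypes, the `establish_luid` name, the result codes and the in-memory stand-in used when `HAVE_SETLUID` is undefined are assumptions.

```c
#include <sys/types.h>

#ifdef HAVE_SETLUID
/* Prototypes assumed from the thread: "setluid(uid_t)", and getluid()
 * returning -1 while no login UID has been set. */
extern uid_t getluid(void);
extern int setluid(uid_t);
#else
/* Constructed stand-in so the example runs anywhere: the login UID starts
 * unset and a second setluid() fails, modelling the thread's caveat that
 * setluid() fails when sshd is started from a login session. */
static uid_t model_luid = (uid_t)-1;
static uid_t getluid(void) { return model_luid; }
static int setluid(uid_t uid)
{
    if (model_luid != (uid_t)-1)
        return -1;
    model_luid = uid;
    return 0;
}
#endif

enum luid_result { LUID_SET, LUID_ALREADY_OK, LUID_MISMATCH, LUID_FAILED };

/* Hypothetical helper: call it where the user ID is set, before root
 * privileges are revoked and the user's shell is started. */
enum luid_result establish_luid(uid_t target)
{
    uid_t cur = getluid();

    if (cur == (uid_t)-1) {
        if (setluid(target) == -1)
            return LUID_FAILED;
        /* Read the value back rather than trusting the return code alone. */
        return getluid() == target ? LUID_SET : LUID_FAILED;
    }
    /* Already set: acceptable only if it names the user being logged in. */
    return cur == target ? LUID_ALREADY_OK : LUID_MISMATCH;
}
```

A caller can log LUID_MISMATCH and LUID_FAILED so that a daemon started from a login session, rather than from /etc/inittab, shows up in the logs instead of silently running sessions under the wrong login UID.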