SCO 5.0.5 question (username not known)

svaughan svaughan at asterion.com
Mon Feb 12 17:34:30 EST 2001


Damien,
I would be glad to.
I should have some free time this week.
  
thanks
Sam




On Mon, 12 Feb 2001, Damien Miller wrote:

> On Mon, 12 Feb 2001, Jim Knoble wrote:
> 
> > Circa 2001-Feb-11 00:37:45 +0100 dixit Gert Doering:
> > 
> > : The system call required is "setluid(uid_t)", and should be done at the
> > : place in sshd where the user ID is set, all root privileges are revoked,
> > : and the user shell is "to be called".  Caveat: if sshd is run from the
> > : command line, like "make ; make install; sshd", setluid() will fail - but
> > : there's nothing we can do, except recommend to run sshd only from
> > : /etc/inittab (":once:" settings).
> > 
> > Actually, what sshd probably wants to do is something like the following:
> > 
> >   #ifdef HAVE_SETLUID
> >   if (-1 == getluid()) {
> >     setluid(my_uid);
> >   }
> >   #else
> >   #ifdef HAVE_SETAUID
> >   /* Similar stuff for Solaris or other systems with setauid(). */
> >   #endif
> >   #endif
> 
> Would it be possible for someone with access to one of these systems to
> turn the above into a patch and test it?
> 
> You want to start in the do_child() function in session.c. Be careful,
> there is a lot of OS-dependent stuff in that function.
> 
> If no one steps up, then I can create a patch, but I don't have ready 
> access to a C2 system and would thus be flying blind.
> 
> -d
>  
> 
> -- 
> | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's 
> | http://www.mindrot.org          /   distributed filesystem'' - Dan Geer
> 
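
Added example, not part of the original thread and not OpenSSH code: a sketch of the guarded setluid() call discussed above, with the return value checked and the session refused when the LUID does not end up equal to the target uid. stamp_luid(), sim_getluid(), sim_setluid() and sim_reset() are hypothetical names; the stubs stand in for the SCO calls and assume the LUID reads as -1 until set and cannot be changed once set.

```c
#include <stdio.h>
#include <sys/types.h>

#define LUID_UNSET ((uid_t)-1)

/* Constructed stand-ins for SCO's getluid()/setluid() so this runs anywhere.
 * Assumed semantics: the LUID reads as -1 until set, and cannot be changed
 * once set. On a C2 system the real calls take their place. */
static uid_t sim_luid = LUID_UNSET;
static void  sim_reset(uid_t v) { sim_luid = v; }   /* models a fresh process */
static uid_t sim_getluid(void)  { return sim_luid; }
static int   sim_setluid(uid_t uid)
{
    if (sim_luid != LUID_UNSET)
        return -1;              /* already stamped: the call fails */
    sim_luid = uid;
    return 0;
}

/* Hypothetical helper for the point in do_child() where privileges are
 * dropped. Returns 0 if the session may run as uid, -1 if it must be refused. */
int stamp_luid(uid_t uid)
{
    if (sim_getluid() == LUID_UNSET && sim_setluid(uid) == -1)
        return -1;
    /* Fail closed: an inherited LUID that is not the target user would
     * attribute this session's audit records to someone else. */
    return sim_getluid() == uid ? 0 : -1;
}

int main(void)
{
    sim_reset(LUID_UNSET);      /* sshd started from /etc/inittab */
    printf("inittab start, uid 1001: %d\n", stamp_luid(1001));

    sim_reset(0);               /* sshd started by hand from a root login */
    printf("manual start,  uid 1001: %d\n", stamp_luid(1001));
    return 0;
}
```

The second case is the "run from the command line" caveat from the thread: the LUID is already set, so the helper reports failure instead of silently continuing.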






More information about the openssh-unix-dev mailing list