SCO 5.0.5 question (username not known)
svaughan
svaughan at asterion.com
Mon Feb 12 17:34:30 EST 2001
Damien,
I would be glad to.
I should have some free time this week.
thanks
Sam
On Mon, 12 Feb 2001, Damien Miller wrote:
> On Mon, 12 Feb 2001, Jim Knoble wrote:
>
> > Circa 2001-Feb-11 00:37:45 +0100 dixit Gert Doering:
> >
> > : The system call required is "setluid(uid_t)", and should be done at the
> > : place in sshd where the user ID is set, all root privileges are revoked,
> > : and the user shell is "to be called". Caveat: if sshd is run from the
> > : command line, like "make ; make install; sshd", setluid() will fail - but
> > : there's nothing we can do, except recommend to run sshd only from
> > : /etc/inittab (":once:" settings).
> >
> > Actually, what sshd probably wants to do is something like the following:
> >
> > #ifdef HAVE_SETLUID
> >     if (-1 == getluid()) {
> >         setluid(my_uid);
> >     }
> > #else
> > #ifdef HAVE_SETAUID
> >     /* Similar stuff for Solaris or other systems with setauid(). */
> > #endif
> > #endif
>
> Would it be possible for someone with access to one of these systems to
> turn the above into a patch and test it?
>
> You want to start in the do_child() function in session.c. Be careful,
> there is a lot of OS-dependent stuff in that function.
>
> If no one steps up, then I can create a patch, but I don't have ready
> access to a C2 system and would thus be flying blind.
>
> -d
>
>
> --
> | Damien Miller <djm at mindrot.org> \ ``E-mail attachments are the poor man's
> | http://www.mindrot.org / distributed filesystem'' - Dan Geer
>
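
The check sketched in the quoted message, written out as an added example (not code from this thread or from OpenSSH): set the login UID only when it is still unset, and report failure so the caller can refuse to start the shell. The helper name `ensure_login_uid`, the `sim_luid` stand-ins and the sample uids are assumptions made here so the code also runs on systems without `setluid()`.

```c
#include <stdio.h>
#include <sys/types.h>

#ifndef HAVE_SETLUID
/* Constructed stand-ins so the example runs off SCO: they model a login UID
 * that starts unset (-1) and cannot be changed once set. On a real system
 * getluid()/setluid() come from the OS instead. */
static uid_t sim_luid = (uid_t)-1;
static uid_t getluid(void) { return sim_luid; }
static int setluid(uid_t uid)
{
    if (sim_luid != (uid_t)-1)
        return -1;              /* already set: refuse to change it */
    sim_luid = uid;
    return 0;
}
#endif

/* Hypothetical helper, meant to be called in the child before root
 * privileges are dropped.
 * Returns  1 if the LUID was set here,
 *          0 if it was already set (inherited from whoever started the
 *            daemon, e.g. a login shell) and was left untouched,
 *         -1 if setluid() failed; the caller should not run the shell. */
static int ensure_login_uid(uid_t uid)
{
    if (getluid() != (uid_t)-1)
        return 0;
    if (setluid(uid) == -1) {
        fprintf(stderr, "setluid(%ld) failed\n", (long)uid);
        return -1;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample uids. */
    printf("LUID unset, first session:  %d\n", ensure_login_uid(1001));
    printf("LUID already set, second:   %d\n", ensure_login_uid(2002));
    printf("LUID now:                   %ld\n", (long)getluid());
    return 0;
}
```
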