SCO 5.0.5 setluid patch

svaughan svaughan at asterion.com
Wed Feb 21 21:46:05 EST 2001


Oops, sorry. I jumped the gun here. I just remembered that I am running
2.3.0p1 with the setluid patch on my servers. Ignore my previous
email. I downloaded 2.5.1p1 and tested it. It does not set the luid
correctly on my SCO 5.0.5 box. 

setluid is erring out because: 
sshd[15834]: error: setluid: Operation not permitted

After looking through session.c again and doing some more research, it
turns out that setluid needs to be called before setuid and setgid. After
these are set, the LUID cannot be changed, even by root.

From the setluid manpage:

  The setluid routine is invoked by the login(M) program just prior to the
  identity changes caused by setuid(S) and setgid(S) calls.


Here is a patch with setluid being called in a better spot.

Sorry, I should have caught this earlier. 

Sam

*** openssh-2.5.1p1/session.c Sun Feb 18 11:13:34 2001
--- openssh-2.5.1p1_patch/session.c Wed Feb 21 02:05:28 2001
***************
*** 1075,1080 ****
                        }
  #endif
  # else /* HAVE_LOGIN_CAP */
                        if (setlogin(pw->pw_name) < 0)
                                error("setlogin failed: %s",
strerror(errno));
                        if (setgid(pw->pw_gid) < 0) {
--- 1075,1086 ----
                        }
  #endif
  # else /* HAVE_LOGIN_CAP */
+ 
+ #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
+                       /* Sets login uid for accounting */
+                       if (getluid() == -1 && setluid(pw->pw_uid) == -1)
+                               error("setluid: %s", strerror(errno));
+ #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */
                        if (setlogin(pw->pw_name) < 0)
                                error("setlogin failed: %s",
strerror(errno));
                        if (setgid(pw->pw_gid) < 0) {
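Review bot: in the added block a setluid() failure is only logged through error("setluid: %s", ...) and execution continues into setlogin() and setgid(), so the session proceeds with an unset or inherited LUID. Since the message says the LUID cannot be changed once the identity calls have run, consider making the failure fatal here, or state in the comment why continuing is acceptable. The getluid() == -1 guard also skips setluid() whenever a LUID is already set on the process; please confirm that is intended. Finally, the block sits inside the "# else /* HAVE_LOGIN_CAP */" branch, so a build with HAVE_LOGIN_CAP defined never reaches it; a short comment saying that is deliberate would help.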
***************
*** 1126,1136 ****
                }
  #endif /* HAVE_OSF_SIA */
  
- #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID)
-       /* Sets login uid for accounting */
-       if (getluid() == -1 && setluid(pw->pw_uid) == -1)
-               error("setluid: %s", strerror(errno));
- #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */
  
  #ifdef HAVE_CYGWIN
                if (is_winnt)
--- 1132,1137 ----
                }
  #endif /* HAVE_OSF_SIA */
  
  
  #ifdef HAVE_CYGWIN
                if (is_winnt)
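Review bot: with the call removed from this spot after "#endif /* HAVE_OSF_SIA */", any path that reaches here without going through the "# else /* HAVE_LOGIN_CAP */" branch from the first hunk no longer sets the LUID; please confirm no such path needs it. As a style point, the new side (1132,1137) is left with two consecutive blank lines before "#ifdef HAVE_CYGWIN"; drop one.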


> 
> Hi Tim, 
> 	Could you send me some info on your SCO machine you compiled
> on? setluid has been working great for me on all the SCO boxes in our
> network. (they are all 5.0.5)
> 
> 
> Thanks,
> Sam
> 
> On Tue, 20 Feb 2001, Tim Rice wrote:
> 
> > On Fri, 16 Feb 2001, Damien Miller wrote:
> > 
> > > On Thu, 15 Feb 2001, svaughan wrote:
> > > 
> > > > Here is an updated patch. Sorry, I thought setluid was SCO specific. 
> > > 
> > > I have modified your patch a little. Can you please give the below one
> > > a try?
> > > 
> > 
> > Close, but needs some work.
> > rlogin 
> > tim(trr)@sco504 1% id -l
> > uid=31(tim) gid=85(trr) luid=31(tim) groups=85(trr),18(lp),50(group)
> > 
> > ssh
> > tim(trr)@sco504 1% id -l
> > uid=31(tim) gid=85(trr) luid=0(root) groups=85(trr),18(lp),50(group)
> >                              ^^^^^^
> > Not quite what we want.
> > 
> > > It does not try to do setluid for non-OpenServer systems. From docs.sco.com
> > > it says that Unixware also offers the get/setluid syscalls, but they will
> > > always fail.
> > > 
> > [patch snipped]
> > > 
> > > 
> > 
> > -- 
> > Tim Rice				Multitalents	(707) 887-1469
> > tim at multitalents.net
> > 
> > 
> 
> 
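The ordering rule described in the message above, as an added example that is not from the original post or from OpenSSH: a small constructed model showing why the LUID call has to come before setgid and setuid. The `model_*` and `drop_identity*` names are hypothetical, the rule that the LUID can be set once and only while still uid 0 is a simplifying assumption based on the manpage quote, and uid 31 / gid 85 are the values from the quoted `id -l` output.

```c
#include <stdio.h>

/* Constructed model, not SCO code: the LUID may be set once, and only
 * while the process still runs as root (uid 0). */
static unsigned cur_uid, cur_gid, cur_luid;
static int luid_is_set;

static void model_reset(void) { cur_uid = cur_gid = cur_luid = 0; luid_is_set = 0; }

static int model_setluid(unsigned id) {
    if (luid_is_set || cur_uid != 0)
        return -1;              /* the "Operation not permitted" case */
    cur_luid = id;
    luid_is_set = 1;
    return 0;
}
static int model_setgid(unsigned id) {
    if (cur_uid != 0) return -1;
    cur_gid = id;
    return 0;
}
static int model_setuid(unsigned id) {
    if (cur_uid != 0 && cur_uid != id) return -1;
    cur_uid = id;
    return 0;
}

/* Order from the post: LUID first, then gid, then uid. Returns 0 on success,
 * or the negative step number that failed; nothing later is attempted. */
static int drop_identity(unsigned uid, unsigned gid) {
    if (model_setluid(uid) != 0) return -1;
    if (model_setgid(gid) != 0) return -2;
    if (model_setuid(uid) != 0) return -3;
    return 0;
}

/* The order that failed: identity changes first, LUID last. */
static int drop_identity_luid_last(unsigned uid, unsigned gid) {
    if (model_setgid(gid) != 0) return -2;
    if (model_setuid(uid) != 0) return -3;
    if (model_setluid(uid) != 0) return -1;
    return 0;
}

int main(void) {
    model_reset();
    printf("luid first: %d\n", drop_identity(31, 85));
    model_reset();
    printf("luid last:  %d\n", drop_identity_luid_last(31, 85));
    return 0;
}
```

Unlike the patch, which logs the setluid error and carries on, this model stops at the first failed step so the caller can refuse the session.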

More information about the openssh-unix-dev mailing list