NeXT 3.3 vs openssh-2.5.1p1 (Couldn't restore privileges)

Tim Rice tim at multitalents.net
Mon Feb 26 16:45:39 EST 2001


On Sun, 25 Feb 2001, Gert Doering wrote:

> Hi,
> 
> On Sat, Feb 24, 2001 at 08:04:13PM -0600, mouring at etoh.eviladmin.org wrote:
> > [..]
> > > Bagged openssh-2.5.1p1, went thru it again, only to find ssh fatals out w/
> > > Couldn't restore privileges.
> > > 
> > FYI.. Use 'prngd'  and do --with-egd-pool=/path/to/random  and this will
> > solve your problem about "Couldn't restore privileges."  This is an issue
> > with just using the pure-built in Entropy system.
> 
> Yes, but that won't work on SCO 3, as it doesn't have unix sockets :-(
> 
> What I don't really understand is why the seteuid() stuff in entropy.c
> isn't working here - from the docs, it should... - how is uid changing
> done in other parts of ssh?

See uidswap.c 

Have a look at this patch. It might work (it does run) but
it might be doing the wrong thing security-wise.
I came up with this after looking at uidswap.c

For SCO 3 and NeXT,
#define SAVED_IDS_DO_NOT_WORK_WITH_SETEUID

> 
> gert
> 

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net

-------------- next part --------------
--- openssh_cvs/entropy.c.old	Sun Feb 18 11:04:39 2001
+++ openssh_cvs/entropy.c	Sun Feb 25 21:38:19 2001
@@ -825,13 +825,36 @@
 	prng_seed_saved = 0;
 
 	/* Give up privs while reading seed file */
+#ifndef SAVED_IDS_DO_NOT_WORK_WITH_SETEUID
 	if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
 		fatal("Couldn't give up privileges");
+#else /* SAVED_IDS_DO_NOT_WORK_WITH_SETEUID */
+	if (original_uid != original_euid) 
+	{
+		/* Propagate the privileged uid to all of our uids. */
+		/* Set the effective uid to the given (unprivileged) uid. */
+		if ((setuid(original_euid) || seteuid(original_uid)) == -1)
+			fatal("Couldn't give up privileges");
+	}
+#endif /* SAVED_IDS_DO_NOT_WORK_WITH_SETEUID */
 
 	prng_read_seedfile();
 
+#ifndef SAVED_IDS_DO_NOT_WORK_WITH_SETEUID
 	if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
 		fatal("Couldn't restore privileges");
+#else /* SAVED_IDS_DO_NOT_WORK_WITH_SETEUID */
+	/*
+	 * We are unable to restore the real uid to its unprivileged value.
+	 * Propagate the real uid (usually more privileged) to effective uid
+	 * as well.
+	 */
+	if (original_uid != original_euid)
+	{
+		if ((seteuid(original_euid) || setuid(original_uid)) == -1)
+			fatal("Couldn't restore privileges");
+	}
+#endif /* SAVED_IDS_DO_NOT_WORK_WITH_SETEUID */
 
 	fatal_add_cleanup(prng_seed_cleanup, NULL);
 	atexit(prng_write_seedfile);
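
Review bot: In both #else branches the error check can never fire. The test (setuid(original_euid) || seteuid(original_uid)) == -1 compares the result of ||, which is always 0 or 1, against -1, so fatal() is unreachable and a failed uid change goes unnoticed; the same holds for (seteuid(original_euid) || setuid(original_uid)) == -1 in the restore path. Because || short-circuits, a first call that fails (returns -1, which is non-zero) also skips the second call entirely. Test each call on its own, for example: if (setuid(original_euid) == -1 || seteuid(original_uid) == -1). Separately, the comment in the restore branch describes propagating the real uid to the effective uid, but the code calls seteuid(original_euid) followed by setuid(original_uid); if the effective uid is root at that point, setuid() sets the real, effective and saved uids to original_uid, which gives privileges up for good rather than restoring them. The comment and the intended end state of each branch should be reconciled, and the resulting uids verified with getuid()/geteuid() after each transition, before this is used in a setuid binary.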

