ssh drops privs when it can't find ~/.ssh/prng_seed
Damien Miller
djm at mindrot.org
Wed Jan 17 09:31:32 EST 2001
On Tue, 16 Jan 2001, Andrew Stribblehill wrote:
> I'm using OpenSSH 2.3.0p1. When my users use ssh for the first
> time, using rhosts authentication, entropy.c drops the privs in
> prng_write_seedfile() at the setuid(original_uid) line (line 550,
> approx):
> Can anyone explain firstly why it does this, and secondly how I
> can stop it?
Try the below patch, which causes seeds to be only written upon exit.
Index: entropy.c
===================================================================
RCS file: /var/cvs/openssh/entropy.c,v
retrieving revision 1.22
diff -u -r1.22 entropy.c
--- entropy.c 2000/11/24 23:09:32 1.22
+++ entropy.c 2001/01/16 22:29:37
@@ -601,12 +601,7 @@
debug("loading PRNG seed from file %.100s", filename);
if (!prng_check_seedfile(filename)) {
- verbose("Random seed file not found, creating new");
- prng_write_seedfile();
-
- /* Reseed immediatly */
- (void)stir_from_system();
- (void)stir_from_programs();
+ verbose("Random seed file not found or not valid, ignoring.");
return;
}
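Review bot: In the `!prng_check_seedfile(filename)` branch, the two reseed calls `stir_from_system()` and `stir_from_programs()` are removed together with `prng_write_seedfile()`, although the privilege drop reported above is attributed only to `prng_write_seedfile()`. With this change the first-run path returns without loading a seed and without stirring, and nothing in the hunk shows where the PRNG gets its entropy in that case. Either keep the two stir calls and drop only the write, or add a comment here naming the place where seeding happens before first use. The new message also folds "not found" and "not valid" into one `verbose()` line; a seed file that exists but fails the check is worth its own, more visible log message, since the user would otherwise not learn that the file is being ignored.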
--
| ``We've all heard that a million monkeys banging on | Damien Miller -
| a million typewriters will eventually reproduce the | <djm at mindrot.org>
| works of Shakespeare. Now, thanks to the Internet, /
| we know this is not true.'' - Robert Wilensky UCB / http://www.mindrot.org