3.0.2p1: all sshd processes owned by root

Jeff A. Earickson jaearick at colby.edu
Fri Feb 15 02:57:54 EST 2002


   I installed 3.0.2p1 on our Solaris 8 systems this week (new to ssh),
and when I look at the process list for sshd, I see:

    root 14547     1  0 10:35:29 ?        0:00 /opt/openssh/sbin/sshd
    root 14548 14547  0 10:35:36 ?        0:01 /opt/openssh/sbin/sshd

Process 14547 is the daemon listening on port 22, but process 14548 is
my connection from elsewhere.  I consider it a design flaw (cough, bug)
that this process is owned by root and not by the user who made the
connection, e.g.:

    root 14547     1  0 10:35:29 ?        0:00 /opt/openssh/sbin/sshd
 joeblow 14548 14547  0 10:35:36 ?        0:01 /opt/openssh/sbin/sshd

So, I looked at the source code for sshd.  Why are there no setuid() and
setgid() calls in the code to change to the user, after the child process
is forked off to process the new connection?  It looks like the uid and
gid of the user should be known after do_authentication() or
do_authentication2() has been called, so the ownership of the forked
daemon could be changed after this point.  Why isn't it?

--- Jeff Earickson, Colby College
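
The privilege drop the post asks about, as an added example that is not part of the original message and is not OpenSSH code: a forked child switches to a target uid/gid with setgroups(), setgid() and setuid(), then verifies that root cannot be regained. The names drop_privileges and run_child_as are hypothetical, and the demo in main() targets the invoking user so it runs without root.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#endif
#include <sys/wait.h>
#include <grp.h>
#include <unistd.h>

/* Permanently switch to uid/gid; returns 0 on success, -1 on failure.
 * Groups and gid must change first, while the process still has root. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* When really dropping from root, shed root's supplementary groups. */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the result rather than trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (uid != 0 && setuid(0) == 0)   /* root must not be recoverable */
        return -1;
    return 0;
}

/* Fork a per-connection child and drop privileges in it.
 * Returns 0 if the child ended up running as uid/gid, -1 otherwise. */
int run_child_as(uid_t uid, gid_t gid)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        if (drop_privileges(uid, gid) != 0)
            _exit(1);             /* never continue with root privileges */
        /* per-connection work would run here as the user */
        _exit(0);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void)
{
    /* Constructed demo: target the invoking user so no root is needed. */
    return run_child_as(getuid(), getgid()) == 0 ? 0 : 1;
}
```

Run as root with a non-root target uid/gid, the child shows up in the process list under that user while the parent stays root.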
