privsep patch, Please test (take 3)
Tim Rice
tim at multitalents.net
Sat Jun 8 04:18:59 EST 2002
On Fri, 7 Jun 2002, Kevin Steves wrote:
> On Thu, Jun 06, 2002 at 05:49:13PM -0700, Tim Rice wrote:
> > > > --- openssh/session.c.old Sun May 12 20:25:02 2002
> > > > +++ openssh/session.c Wed May 29 07:39:22 2002
> > > > @@ -1089,10 +1089,11 @@
> > > > exit(1);
> > > > }
> > > > /* Initialize the group list. */
> > > > - if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
> > > > - perror("initgroups");
> > > > - exit(1);
> > > > - }
> > > > + if (strcmp(pw->pw_name, SSH_PRIVSEP_USER))
> > > > + if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
> > > > + perror("initgroups");
> > > > + exit(1);
> > > > + }
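Review bot: the new strcmp(pw->pw_name, SSH_PRIVSEP_USER) guard skips initgroups() for the privsep account, but nothing in this hunk replaces it, so on that path the process keeps whatever supplementary group list it already holds. Either call setgroups(0, NULL) on the skipped path, or add a comment above the guard saying where the list was cleared earlier and why initgroups() is skipped. The outer if also wraps the nested if block without braces, and the test would read more clearly as strcmp(...) != 0.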
> > >
> > > Why are we doing this?
> >
> > On some platforms initgroups() fails in the chroot child. As initgroups
> > is unnecessary for the sshd user, this fixes that problem. I'm open
> > to any better ways.
>
> I think if we don't call initgroups (or setgroups) the unprivileged
> process will retain root's supplementary groups.
>
We do call setgroups early on in main()

	/*
	 * Clear out any supplemental groups we may have inherited. This
	 * prevents inadvertent creation of files with bad modes (in the
	 * portable version at least, it's certainly possible for PAM
	 * to create a file, and we can't control the code in every
	 * module which might be used).
	 */
	if (setgroups(0, NULL) < 0)
		debug("setgroups() failed: %.200s", strerror(errno));
--
Tim Rice Multitalents (707) 887-1469
tim at multitalents.net
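
The point debated in this message, as an added example that is not part of the original post and is not OpenSSH code: clear the supplementary group list with setgroups(0, NULL), then read it back with getgroups() so a process that skips initgroups() can confirm it inherited nothing. The enum and function names are hypothetical, and the empty read-back assumes Linux behaviour (other systems may report the effective GID in the list).

```c
#define _DEFAULT_SOURCE 1   /* expose setgroups() on glibc */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical names for this example; not OpenSSH identifiers. */
enum grp_result { GRP_CLEARED, GRP_CLEAR_FAILED, GRP_STILL_SET };

/* Number of supplementary groups held by this process, or -1 on error. */
int supplementary_group_count(void)
{
    return getgroups(0, NULL);
}

/*
 * Clear the supplementary group list, then read it back.
 * A failure is returned to the caller, not only logged, so the caller
 * can refuse to continue with inherited groups still in effect.
 */
enum grp_result clear_supplementary_groups(void)
{
    if (setgroups(0, NULL) < 0) {
        fprintf(stderr, "setgroups: %s\n", strerror(errno));
        return GRP_CLEAR_FAILED;    /* e.g. EPERM when not privileged */
    }
    return supplementary_group_count() == 0 ? GRP_CLEARED : GRP_STILL_SET;
}

int main(void)
{
    printf("before: %d supplementary group(s)\n", supplementary_group_count());
    switch (clear_supplementary_groups()) {
    case GRP_CLEARED:
        printf("after: list is empty, no inherited groups remain\n");
        return 0;
    case GRP_CLEAR_FAILED:
        printf("could not clear; inherited groups are still in effect\n");
        return 1;
    default:
        printf("list not empty after setgroups(0, NULL)\n");
        return 2;
    }
}
```

Run as root it reports the list cleared; run unprivileged, setgroups() fails with EPERM and the inherited list stays in place.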