privsep patch, Please test (take 3)

Tim Rice tim at multitalents.net
Sat Jun 8 04:18:59 EST 2002


On Fri, 7 Jun 2002, Kevin Steves wrote:

> On Thu, Jun 06, 2002 at 05:49:13PM -0700, Tim Rice wrote:
> > > > --- openssh/session.c.old	Sun May 12 20:25:02 2002
> > > > +++ openssh/session.c	Wed May 29 07:39:22 2002
> > > > @@ -1089,10 +1089,11 @@
> > > >  			exit(1);
> > > >  		}
> > > >  		/* Initialize the group list. */
> > > > -		if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
> > > > -			perror("initgroups");
> > > > -			exit(1);
> > > > -		}
> > > > +		if (strcmp(pw->pw_name, SSH_PRIVSEP_USER))
> > > > +			if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
> > > > +				perror("initgroups");
> > > > +				exit(1);
> > > > +			}
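Review bot: on the new `strcmp(pw->pw_name, SSH_PRIVSEP_USER)` branch, initgroups() is skipped for the privsep user and nothing in this hunk sets or clears the supplementary group list on that path. Either add a comment saying where the inherited groups are cleared, or add an explicit else branch that resets the list (for example with setgroups()) and exits on failure, as the initgroups() path does. The guard also keys on the account name alone, so any pw entry with that name skips initgroups(), whatever the reason the code was reached. Finally, the outer `if` has no braces around the nested `if`; bracing it and writing the comparison as `!= 0` would make the intent easier to read.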
> > >
> > > why are we doing this?
> >
> > On some platforms initgroups() fails in the chroot child. As initgroups
> > is unnecessary for the sshd user, this fixes that problem. I'm open
> > to any better ways.
>
> i think if we don't call initgroups (or setgroups) the unprivileged
> process will retain root's supplementary groups.
>

We do call setgroups early on in main()
	/*
	 * Clear out any supplemental groups we may have inherited.  This
	 * prevents inadvertent creation of files with bad modes (in the
	 * portable version at least, it's certainly possible for PAM
	 * to create a file, and we can't control the code in every
	 * module which might be used).
	 */
	if (setgroups(0, NULL) < 0)
		debug("setgroups() failed: %.200s", strerror(errno));

-- 
Tim Rice				Multitalents	(707) 887-1469
tim at multitalents.net
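
The concern discussed in this thread, an unprivileged child keeping root's supplementary groups, can be checked after a privilege drop rather than assumed. The following is an added example, not part of the original message and not OpenSSH code; the function names, MAX_GROUPS and the gid values used with it are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE		/* glibc: setgroups() is a BSD extension */
#endif
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

#define MAX_GROUPS 256		/* assumption: large enough for this illustration */

/* Count entries in list[0..n) that differ from the one gid we expect. */
int count_unexpected_groups(const gid_t *list, int n, gid_t allowed)
{
	int i, extra = 0;

	for (i = 0; i < n; i++)
		if (list[i] != allowed)
			extra++;
	return extra;
}

/* Audit the calling process: -1 on error, otherwise the number of
 * supplementary groups other than the effective gid. */
int audit_supplementary_groups(void)
{
	gid_t list[MAX_GROUPS];
	int n = getgroups(MAX_GROUPS, list);

	return n < 0 ? -1 : count_unexpected_groups(list, n, getegid());
}

/* Drop to uid/gid and verify the result. The group list is replaced
 * first, while the process is still allowed to change it. */
int drop_privileges(uid_t uid, gid_t gid)
{
	if (setgroups(1, &gid) < 0)		/* discard the inherited list */
		return -1;
	if (setgid(gid) < 0 || setuid(uid) < 0)
		return -1;
	if (audit_supplementary_groups() != 0)	/* inherited groups survived */
		return -1;
	if (uid != 0 && setuid(0) == 0)		/* root must not be regainable */
		return -1;
	return 0;
}

int main(void)
{
	printf("unexpected supplementary groups: %d\n", audit_supplementary_groups());
	return 0;
}
```

drop_privileges() only succeeds when started with the privilege to call setgroups(); run unprivileged, main() simply reports the audit result for the current process.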




