ssh setuid changes.

Corinna Vinschen vinschen at redhat.com
Wed Jun 12 04:09:14 EST 2002


On Tue, Jun 11, 2002 at 11:30:42AM -0500, Ben Lindstrom wrote:
> 2. ssh_create_socket() changed slightly, which should only affect Cygwin.
> However, looking at the code I think it just needs a glance over by the
> porter to ensure no additional work is needed.
> 
> sshconnect.c:
> @@ -297,26 +295,14 @@
>                                 host, ntop, strport);
> 
>                         /* Create a socket for connecting. */
> -                       sock = ssh_create_socket(pw,
> -#ifdef HAVE_CYGWIN
> -                           !anonymous,
> -#else
> -                           !anonymous && geteuid() == 0,
> -#endif
> +                       sock = ssh_create_socket(needpriv, ai->ai_family);
> 
> 
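
Review bot: The replacement call `ssh_create_socket(needpriv, ai->ai_family)` drops the `#ifdef HAVE_CYGWIN` branch that passed `!anonymous` without the `geteuid() == 0` test, so the Cygwin exemption now has to be applied wherever `needpriv` is computed, which this hunk does not show. Please confirm the caller covers that case, and add a short comment at the `needpriv` parameter stating that it already carries the platform's privilege decision.
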
> If there are problems with having ssh setuid please speak up and
> preferably with a patch so I don't have to suffer at the hands of my poor
> 68k-25mhz box. =)

You just moved the problem.

Index: ssh.c
===================================================================
RCS file: /cvs/openssh_cvs/ssh.c,v
retrieving revision 1.152
diff -u -p -r1.152 ssh.c
--- ssh.c	11 Jun 2002 16:37:52 -0000	1.152
+++ ssh.c	11 Jun 2002 18:07:15 -0000
@@ -615,7 +615,11 @@ again:
 
 	cerr = ssh_connect(host, &hostaddr, options.port, IPv4or6,
 	    options.connection_attempts,
+#ifdef HAVE_CYGWIN
+	    options.use_privileged_port,
+#else
 	    original_effective_uid == 0 && options.use_privileged_port,
+#endif
 	    options.proxy_command);
 
 	/*
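
Review bot: The `#ifdef HAVE_CYGWIN` placed inside the argument list of `ssh_connect()` makes the privilege argument hard to read and easy to get out of sync with other call sites. Consider computing the value once in a local variable or small helper before the call and passing that, with a comment explaining why the Cygwin build skips the `original_effective_uid == 0` test.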

I'm still convinced that expressions such as

	if (uid == 0)

should be changed to a function call

	if (is_superuser (uid))

which would allow writing platform-dependent code in port-XXX.c
instead of having the need for #ifdef's.

Corinna

-- 
Corinna Vinschen
Cygwin Developer
Red Hat, Inc.
mailto:vinschen at redhat.com
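
The `is_superuser()` refactor proposed in the message above, sketched as an added example; it is not code from the OpenSSH tree or from either poster. The Cygwin policy (every uid passes) is an assumption taken from the patch's `HAVE_CYGWIN` branch, and `need_privileged_port()` and the two `is_superuser_*` names are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>

/* Generic Unix policy: only uid 0 counts as the superuser. */
static int is_superuser_unix(uid_t uid)
{
	return uid == 0;
}

/* Cygwin policy (assumption, mirroring the patch's HAVE_CYGWIN branch,
 * which drops the uid test): no uid is special, so the check passes. */
static int is_superuser_cygwin(uid_t uid)
{
	(void)uid;
	return 1;
}

/* The only place that knows the platform; in a real tree this body
 * would live in the port-specific source file, not behind #ifdef. */
static int is_superuser(uid_t uid)
{
#ifdef HAVE_CYGWIN
	return is_superuser_cygwin(uid);
#else
	return is_superuser_unix(uid);
#endif
}

/* Hypothetical call-site helper: the policy is a parameter so both
 * platform variants can be exercised in a single build. */
static int need_privileged_port(int (*policy)(uid_t), uid_t euid,
    int use_privileged_port)
{
	return use_privileged_port && policy(euid);
}

int main(void)
{
	uid_t euid = 1000;	/* constructed sample: unprivileged user */

	printf("unix:   %d\n", need_privileged_port(is_superuser_unix, euid, 1));
	printf("cygwin: %d\n", need_privileged_port(is_superuser_cygwin, euid, 1));
	printf("build:  %d\n", need_privileged_port(is_superuser, euid, 1));
	return 0;
}
```

With this shape the call sites carry no `#ifdef`, and a change to the privilege rule for one platform is made in one function.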



More information about the openssh-unix-dev mailing list