BSD/OS with privsep
Kevin Steves
kevin at atomicgears.com
Wed Jun 26 03:17:24 EST 2002
On Tue, Jun 25, 2002 at 12:40:24PM +0200, Markus Friedl wrote:
> +#if 0
> + /* XXX not ready, to heavy after chroot */
> do_setusercontext(pw);
> +#else
> + {
> + gid_t gidset[2];
> +
> + gidset[0] = pw->pw_gid;
> + if (setgid(pw->pw_gid) < 0)
> + fatal("setgid failed for %u", pw->pw_gid );
> + if (setgroups(1, gidset) < 0)
> + fatal("setgroups: %.100s", strerror(errno));
> + permanently_set_uid(pw);
> + }
> +#endif
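Review bot: The `setgid()` failure path in the `#else` branch reports less than the `setgroups()` one below it: it drops `errno` and passes a `gid_t` to `%u` without a cast, so a failed privilege drop is harder to diagnose from the log; `fatal("setgid failed for %u: %.100s", (unsigned int)pw->pw_gid, strerror(errno));` would match its neighbour. `gidset` is declared with two elements, but only `gidset[0]` is filled and `setgroups(1, gidset)` passes one, so `gid_t gidset[1];` says what is meant. The order (group ID and supplementary groups first, `permanently_set_uid(pw)` last) matters because the group calls need the privilege that the uid change gives up; a one-line comment such as `/* drop groups before the uid; setgroups() needs privilege */` would keep a later edit from reordering it. The enclosing function starts and ends outside the quoted lines.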
this looks fine to me.
> --- session.c.orig Tue Jun 25 13:28:07 2002
> +++ session.c Tue Jun 25 13:33:16 2002
> @@ -1154,22 +1154,26 @@
> {
> #ifdef HAVE_CYGWIN
> if (is_winnt) {
> #else /* HAVE_CYGWIN */
> if (getuid() == 0 || geteuid() == 0) {
> #endif /* HAVE_CYGWIN */
> #ifdef HAVE_SETPCRED
> setpcred(pw->pw_name);
> #endif /* HAVE_SETPCRED */
> #ifdef HAVE_LOGIN_CAP
> - if (setusercontext(lc, pw, pw->pw_uid,
> - (LOGIN_SETALL & ~LOGIN_SETPATH)) < 0) {
> + int flags = LOGIN_SETALL & ~LOGIN_SETPATH;
> +#ifdef __bsdi__
> + if (getpid() != getpgrp())
> + flags &= ~LOGIN_SETLOGIN;
> +#endif
> + if (setusercontext(lc, pw, pw->pw_uid, flags) < 0) {
> perror("unable to set user context");
> exit(1);
> }
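Review bot: `int flags = LOGIN_SETALL & ~LOGIN_SETPATH;` becomes a declaration after a statement whenever `HAVE_SETPCRED` and `HAVE_LOGIN_CAP` are both defined, because `setpcred(pw->pw_name);` precedes it in the same block. A C89 compiler rejects that, so the declaration belongs at the top of the block or inside its own `{ ... }` scope under `HAVE_LOGIN_CAP`. When the `__bsdi__` branch clears `LOGIN_SETLOGIN`, nothing records that the session kept its previous login name; a `debug()` line at that point would leave a trace for anyone auditing the session later. The quoted hunk stops before the end of the block (its header announces 26 new lines), so the rest of the function is not visible here.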
I don't understand the reasons for the setlogin() differences between
bsdi and !bsdi.