uidswap.c breaks ssh when originating user is root

Jukka A. Ukkonen jau at iki.fi
Sun Aug 29 23:05:32 EST 2004


	EHLO,

	Somehow I don't think it makes any sense to test whether the
	gid/egid can be changed, if the original uid happened to be
	root. Root can always change the gid/egid anyhow.

	So, I would like to propose the following change to 3.9p1...


--- uidswap.c.orig	Sun Aug 29 15:43:57 2004
+++ uidswap.c	Sun Aug 29 15:44:05 2004
@@ -201,7 +201,7 @@
 #endif
 
 	/* Try restoration of GID if changed (test clearing of saved gid) */
-	if (old_gid != pw->pw_gid &&
+	if (old_uid && (old_gid != pw->pw_gid) &&
 	    (setgid(old_gid) != -1 || setegid(old_gid) != -1))
 		fatal("%s: was able to restore old [e]gid", __func__);
 

	After this change also root can again use ssh-3.9p1.

	I hope this helps.


	Cheers,
		// jau
.---  ..-  -.-  -.-  .-    .-  .-.-.-    ..-  -.-  -.-  ---  -.  .  -.
  /    Jukka A. Ukkonen,                            Mawit Ltd, Finland
 /__   M.Sc. (sw-eng & cs)                    (Phone) +358-500-606-671
   /   Internet: Jukka.Ukkonen(a)Mawit.Com      (Home) +358-9-6215-280
  /    Internet: ukkonen(a)nic.funet.fi
 v     Internet: jau(a)iki.fi
        .---  .-  ..-  ...-.-  ..  -.-  ..  .-.-.-  ..-.  ..
+ + + + My opinions are mine and mine alone, not my employers. + + + +




More information about the openssh-unix-dev mailing list