multiuser sshd as non-root
Darren Tucker
dtucker at dtucker.net
Mon Aug 5 22:15:15 AEST 2019
On Mon, 5 Aug 2019 at 20:26, Adam Endrodi <endrodi at nokia.com> wrote:
[...]
> My question is, do you think such a use case (running multiuser sshd as
> non-root) is possible theoretically, or can it be implemented with a
> small patch?
I suspect it will not work out of the box, because there are a number
of checks of the form (this one is from uidswap.c):
if (geteuid() != 0) {
privileged = 0;
return;
}
I also suspect it could be made to work with a relatively small set of
changes. For a proof of concept I'd suggest you try changing all of
the instances of "privileged = 0" to "privileged = 1" in uidswap.c
(this would not be suitable for real use, though).
--
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860 37F4 9357 ECEF 11EA A6FA (new)
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list