multiuser sshd as non-root

Darren Tucker dtucker at dtucker.net
Mon Aug 5 22:15:15 AEST 2019


On Mon, 5 Aug 2019 at 20:26, Adam Endrodi <endrodi at nokia.com> wrote:
[...]
> My question is, do you think such a use case (running multiuser sshd as
> non-root) is possible theoretically, or can it be implemented with a
> small patch?

I suspect it will not work out of the box, because there are a number
of checks of the form (this one is from uidswap.c):

        if (geteuid() != 0) {
                privileged = 0;
                return;
        }

I also suspect it could be made to work with a relatively small set of
changes.  For a proof of concept I'd suggest you try changing all of
the instances of "privileged = 0" to "privileged = 1" in uidswap.c
(this would not be suitable for real use, though).

-- 
Darren Tucker (dtucker at dtucker.net)
GPG key 11EAA6FA / A86E 3E07 5B19 5880 E860  37F4 9357 ECEF 11EA A6FA (new)
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.


More information about the openssh-unix-dev mailing list
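
What sits behind a check like the one quoted from uidswap.c, as an added example (not OpenSSH code and not part of the original message): on Linux, a process with neither euid 0 nor the relevant capabilities cannot switch to another uid, so the switch is either skipped by the gate or fails with EPERM when forced. The names `try_switch`, `force` and `SWITCH_SKIPPED` are hypothetical; `force = 1` stands in for the suggested "privileged = 1" experiment.

```c
#define _DEFAULT_SOURCE            /* exposes setgroups() under strict -std= modes */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SWITCH_SKIPPED 200         /* constructed status: gate declined to try */

/* Hypothetical helper, not OpenSSH code. In a child process, permanently
 * switch to uid/gid. With force == 0 the attempt is skipped unless
 * geteuid() == 0 (the quoted gate); force == 1 models "privileged = 1".
 * Returns 0 if switched, SWITCH_SKIPPED if gated, else the failing errno. */
int try_switch(uid_t uid, gid_t gid, int force)
{
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return errno;
    if (pid == 0) {
        int err = 0;
        if (geteuid() != 0 && !force)
            _exit(SWITCH_SKIPPED);
        /* Order matters: supplementary groups, then gid, then uid. */
        if (setgroups(1, &gid) < 0 || setgid(gid) < 0 || setuid(uid) < 0)
            err = errno;
        else if (getuid() != uid || geteuid() != uid)
            err = EPERM;           /* never trust a switch without re-checking */
        _exit(err);
    }
    if (waitpid(pid, &status, 0) < 0)
        return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    uid_t uid = getuid() + 1;      /* constructed target: any id other than ours */
    gid_t gid = getgid() + 1;

    printf("euid=%ld gated=%d forced=%d\n", (long)geteuid(),
           try_switch(uid, gid, 0), try_switch(uid, gid, 1));
    return 0;
}
```

Run as an ordinary user without CAP_SETUID/CAP_SETGID, the gated call reports 200 and the forced call reports 1 (EPERM), which comes from setgroups().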