multiuser sshd as non-root
Corinna Vinschen
vinschen at redhat.com
Mon Aug 5 22:32:59 AEST 2019
On Aug 5 22:15, Darren Tucker wrote:
> On Mon, 5 Aug 2019 at 20:26, Adam Endrodi <endrodi at nokia.com> wrote:
> [...]
> > My question is, do you think such a use case (running multiuser sshd as
> > non-root) is possible theoretically, or can it be implemented with a
> > small patch?
>
> I suspect it will not work out of the box, because there are a number
> of checks of the form (this one is from uidswap.c):
>
> 	if (geteuid() != 0) {
> 		privileged = 0;
> 		return;
> 	}
>
> I also suspect it could be made to work with a relatively small set of
> changes. For a proof of concept I'd suggest you try changing all of
> the instances of "privileged = 0" to "privileged = 1" in uidswap.c
> (this would not be suitable for real use, though).
Some of the Cygwin-specific code in OpenSSH allows running sshd as a
privileged user with non-0 UID. Maybe that can help as well in that
scenario.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat