SCO 3 / CVS version

Gert Doering gert at greenie.muc.de
Wed Mar 20 03:29:04 EST 2002 

Hi,

On Tue, Mar 19, 2002 at 03:07:17PM +0100, Gert Doering wrote:
> > but the ssh client is broken
> > on SCO3. I haven't had time to fix it. It's been a while since I looked
> > at the problem but I think it had to with seteuid() not working as
> > documented on SCO.
> 
> If the client is not suid-root, it will work fine (but of course without
> any kind of hostbased/rhosts authentication).  With suid, it bombs when
> calling ssh-rand-helper.

Weird.  We end up at this point with:

 uid=0  euid=2  (uid 2 is the user that I'm testing with)

(I don't know why - usually its the other way round).

The setuid() man page actually states that "setuid(2)" won't work from
this point, as it isn't one of the cases that are documented to work
(euid=0, uid=<anything> would work, as would uid=2, euid=<anything>. 
The third case is saved-setuid, which might have been garbled further 
"up").

Interesting enough, if I do:

  seteuid(getuid())
  (-> uid=0, euid=0)

and *then* do

  setuid(original_uid)

I end up with uid=2, euid=2, which is what is desired.  So my patch for
entropy.c looks like this:


Index: entropy.c
===================================================================
RCS file: /cvs/openssh_cvs/entropy.c,v
retrieving revision 1.41
diff -u -w -r1.41 entropy.c
--- entropy.c	11 Mar 2002 00:16:35 -0000	1.41
+++ entropy.c	19 Mar 2002 16:24:13 -0000
@@ -85,9 +85,10 @@
 		close(devnull);
 
 		if (original_uid != original_euid && 
-		    setuid(original_uid) == -1) {
-			fprintf(stderr, "(rand child) setuid: %s\n", 
-			    strerror(errno));
+		    ( seteuid(getuid()) == -1 || 
+		      setuid(original_uid) == -1) ) {
+			fprintf(stderr, "(rand child) setuid(%d): %s\n", 
+			    original_uid, strerror(errno));
 			_exit(1);
 		}
 		

I think this should be fine from a a security stand point - both uid
and euid are non-root in the child (tested), so I'll keep it that way.

gert

-- 
USENET is *not* the non-clickable part of WWW!
                                                           //www.muc.de/~gert/
Gert Doering - Munich, Germany                             gert at greenie.muc.de
fax: +49-89-35655025                        gert.doering at physik.tu-muenchen.de

More information about the openssh-unix-dev mailing list