OpenSSH 3.7p1, PrivSep, and Tru64 broken (sorry)
Darren Tucker
dtucker at zip.com.au
Sun Sep 21 22:41:17 EST 2003
Chris Adams wrote:
> This could also be a security problem for SIA authentication in general
> (any version of OpenSSH on Tru64, using PrivSep or not), as I wrote
> auth-sia.c to use setreuid() (per the Tru64 SIA documentation), so the
> saved UID carries forward there.
[snip]
(patch to auth-sia.c)
> - if (setreuid(geteuid(), geteuid()) < 0)
> - fatal("setreuid: %s", strerror(errno));
> + uid = geteuid();
> + if (setuid(0) < 0)
> + fatal("setuid: %s", strerror(errno));
> + if (setuid(uid) < 0)
> + fatal("setuid: %s", strerror(errno));
Any reason not to use permanently_set_uid() here?
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
More information about the openssh-unix-dev
mailing list