summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2001-06-09 01:20:06 +0000
committerBen Lindstrom <mouring@eviladmin.org>2001-06-09 01:20:06 +0000
commit983c098311526a2e09a7c2cee18f3bf1081431e5 (patch)
tree63ca288905f887632124aeaf6f9fc6aa68d8ef43
parent742e89ec5d6d51402e8140f9eca4222405ffce36 (diff)
- markus@cvs.openbsd.org 2001/06/04 21:59:43
[channels.c channels.h session.c] switch uid when cleaning up tmp files and sockets; reported by zen-parse@gmx.net on bugtraq
-rw-r--r--ChangeLog6
-rw-r--r--channels.c12
-rw-r--r--channels.h4
-rw-r--r--session.c21
4 files changed, 27 insertions, 16 deletions
diff --git a/ChangeLog b/ChangeLog
index d8d422d1..ba70812f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -35,6 +35,10 @@
the challenge response device decides how to handle non-existing
users.
-> fake challenges for skey and cryptocard
+ - markus@cvs.openbsd.org 2001/06/04 21:59:43
+ [channels.c channels.h session.c]
+ switch uid when cleaning up tmp files and sockets; reported by
+ zen-parse@gmx.net on bugtraq
20010606
- OpenBSD CVS Sync
@@ -5546,4 +5550,4 @@
- Wrote replacements for strlcpy and mkdtemp
- Released 1.0pre1
-$Id: ChangeLog,v 1.1257 2001/06/09 01:17:23 mouring Exp $
+$Id: ChangeLog,v 1.1258 2001/06/09 01:20:06 mouring Exp $
diff --git a/channels.c b/channels.c
index 11061389..32c23be1 100644
--- a/channels.c
+++ b/channels.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.122 2001/06/03 14:55:38 markus Exp $");
+RCSID("$OpenBSD: channels.c,v 1.123 2001/06/04 21:59:42 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -2777,12 +2777,16 @@ auth_get_socket_name()
/* removes the agent forwarding socket */
void
-auth_sock_cleanup_proc(void *ignored)
+auth_sock_cleanup_proc(void *_pw)
{
+ struct passwd *pw = _pw;
+
if (auth_sock_name) {
+ temporarily_use_uid(pw);
unlink(auth_sock_name);
rmdir(auth_sock_dir);
auth_sock_name = NULL;
+ restore_uid();
}
}
@@ -2826,7 +2830,7 @@ auth_input_request_forwarding(struct passwd * pw)
auth_sock_dir, (int) getpid());
/* delete agent socket on fatal() */
- fatal_add_cleanup(auth_sock_cleanup_proc, NULL);
+ fatal_add_cleanup(auth_sock_cleanup_proc, pw);
/* Create the socket. */
sock = socket(AF_UNIX, SOCK_STREAM, 0);
@@ -2856,7 +2860,7 @@ auth_input_request_forwarding(struct passwd * pw)
0, xstrdup("auth socket"), 1);
if (nc == NULL) {
error("auth_input_request_forwarding: channel_new failed");
- auth_sock_cleanup_proc(NULL);
+ auth_sock_cleanup_proc(pw);
close(sock);
return 0;
}
diff --git a/channels.h b/channels.h
index c1815d58..3de9627a 100644
--- a/channels.h
+++ b/channels.h
@@ -32,7 +32,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
-/* RCSID("$OpenBSD: channels.h,v 1.36 2001/06/03 14:55:39 markus Exp $"); */
+/* RCSID("$OpenBSD: channels.h,v 1.37 2001/06/04 21:59:42 markus Exp $"); */
#ifndef CHANNEL_H
#define CHANNEL_H
@@ -223,7 +223,7 @@ void deny_input_open(int type, int plen, void *ctxt);
void auth_request_forwarding(void);
char *auth_get_socket_name(void);
-void auth_sock_cleanup_proc(void *ignored);
+void auth_sock_cleanup_proc(void *pw);
int auth_input_request_forwarding(struct passwd * pw);
void auth_input_open_request(int type, int plen, void *ctxt);
diff --git a/session.c b/session.c
index ce9b2002..c65c7e66 100644
--- a/session.c
+++ b/session.c
@@ -33,7 +33,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: session.c,v 1.79 2001/06/03 14:55:39 markus Exp $");
+RCSID("$OpenBSD: session.c,v 1.80 2001/06/04 21:59:43 markus Exp $");
#include "ssh.h"
#include "ssh1.h"
@@ -132,7 +132,7 @@ void do_pre_login(Session *s);
void do_child(Session *s, const char *command);
void do_motd(void);
int check_quietlogin(Session *s, const char *command);
-void xauthfile_cleanup_proc(void *ignore);
+void xauthfile_cleanup_proc(void *pw);
void do_authenticated1(Authctxt *authctxt);
void do_authenticated2(Authctxt *authctxt);
@@ -200,21 +200,23 @@ do_authenticated(Authctxt *authctxt)
/* remote user's local Xauthority file and agent socket */
if (xauthfile)
- xauthfile_cleanup_proc(NULL);
+ xauthfile_cleanup_proc(authctxt->pw);
if (auth_get_socket_name())
- auth_sock_cleanup_proc(NULL);
+ auth_sock_cleanup_proc(authctxt->pw);
}
/*
* Remove local Xauthority file.
*/
void
-xauthfile_cleanup_proc(void *ignore)
+xauthfile_cleanup_proc(void *_pw)
{
- debug("xauthfile_cleanup_proc called");
+ struct passwd *pw = _pw;
+ char *p;
+ debug("xauthfile_cleanup_proc called");
if (xauthfile != NULL) {
- char *p;
+ temporarily_use_uid(pw);
unlink(xauthfile);
p = strrchr(xauthfile, '/');
if (p != NULL) {
@@ -223,6 +225,7 @@ xauthfile_cleanup_proc(void *ignore)
}
xfree(xauthfile);
xauthfile = NULL;
+ restore_uid();
}
}
@@ -399,7 +402,7 @@ do_authenticated1(Authctxt *authctxt)
if (fd >= 0)
close(fd);
restore_uid();
- fatal_add_cleanup(xauthfile_cleanup_proc, NULL);
+ fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
success = 1;
break;
@@ -1811,7 +1814,7 @@ session_x11_req(Session *s)
if (fd >= 0)
close(fd);
restore_uid();
- fatal_add_cleanup(xauthfile_cleanup_proc, s);
+ fatal_add_cleanup(xauthfile_cleanup_proc, s->pw);
return 1;
}