summaryrefslogtreecommitdiff
path: root/ssh.c
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2002-09-04 16:50:06 +1000
committerDamien Miller <djm@mindrot.org>2002-09-04 16:50:06 +1000
commit50b9a60082171c12deed0d52f47c03bdc75d8cb4 (patch)
treee321e91bb15fcd624239b7c8b79b9e3a2eba348f /ssh.c
parent9b1dacdf2cc18aa150bc2a293e7180db79103f9a (diff)
- stevesk@cvs.openbsd.org 2002/08/29 19:49:42
[ssh.c] shrink initial privilege bracket for setuid case; ok markus@
Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c20
1 files changed, 10 insertions, 10 deletions
diff --git a/ssh.c b/ssh.c
index de1e8cc5..dcbf68d9 100644
--- a/ssh.c
+++ b/ssh.c
@@ -40,7 +40,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: ssh.c,v 1.183 2002/08/29 16:02:54 stevesk Exp $");
+RCSID("$OpenBSD: ssh.c,v 1.184 2002/08/29 19:49:42 stevesk Exp $");
#include <openssl/evp.h>
#include <openssl/err.h>
@@ -228,6 +228,15 @@ main(int ac, char **av)
*/
original_real_uid = getuid();
original_effective_uid = geteuid();
+
+ /*
+ * Use uid-swapping to give up root privileges for the duration of
+ * option processing. We will re-instantiate the rights when we are
+ * ready to create the privileged port, and will permanently drop
+ * them when the port has been created (actually, when the connection
+ * has been made, as we may need to create the port several times).
+ */
+ PRIV_END;
#ifdef HAVE_SETRLIMIT
/* If we are installed setuid root be careful to not drop core. */
@@ -248,15 +257,6 @@ main(int ac, char **av)
pw = pwcopy(pw);
/*
- * Use uid-swapping to give up root privileges for the duration of
- * option processing. We will re-instantiate the rights when we are
- * ready to create the privileged port, and will permanently drop
- * them when the port has been created (actually, when the connection
- * has been made, as we may need to create the port several times).
- */
- PRIV_END;
-
- /*
* Set our umask to something reasonable, as some files are created
* with the default umask. This will make them world-readable but
* writable only by the owner, which is ok for all files for which we