summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-03-22 03:11:49 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-03-22 03:11:49 +0000
commitc7431341911e911993776c357ca57d1fb7ed1b23 (patch)
tree3e7fec3c3985b8f7584b4a03ce7df035d361c442 /sshd.c
parentf34e4eb6c730fa38640aeef5f6801035caaba460 (diff)
- stevesk@cvs.openbsd.org 2002/03/20 19:12:25
[servconf.c servconf.h ssh.h sshd.c] for unprivileged user, group do: pw=getpwnam(SSH_PRIVSEP_USER); do_setusercontext(pw). ok provos@
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c15
1 files changed, 10 insertions, 5 deletions
diff --git a/sshd.c b/sshd.c
index b6e71d84..dc109815 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.234 2002/03/19 10:49:35 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.235 2002/03/20 19:12:25 stevesk Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -521,6 +521,7 @@ privsep_preauth_child(void)
{
u_int32_t rand[256];
int i;
+ struct passwd *pw;
/* Enable challenge-response authentication for privilege separation */
privsep_challenge_enable();
@@ -532,6 +533,11 @@ privsep_preauth_child(void)
/* Demote the private keys to public keys. */
demote_sensitive_data();
+ if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
+ fatal("%s: no user", SSH_PRIVSEP_USER);
+ memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+ endpwent();
+
/* Change our root directory*/
if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
@@ -540,10 +546,9 @@ privsep_preauth_child(void)
fatal("chdir(/)");
/* Drop our privileges */
- setegid(options.unprivileged_group);
- setgid(options.unprivileged_group);
- seteuid(options.unprivileged_user);
- setuid(options.unprivileged_user);
+ debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
+ (u_int)pw->pw_gid);
+ do_setusercontext(pw);
}
static void