author | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-25 23:24:18 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-06-25 23:24:18 +0000 |
commit | fbcc3f71f24cf92fecc0bd51ec70271e5488e908 (patch) | |
tree | 54d70391bf5029971a39c6a2d104f88e220dc1d6 /sshd.c | |
parent | 6398a0ef12139ad40a63a6dda82a7847919f8c34 (diff) |
- markus@cvs.openbsd.org 2002/06/25 18:51:04
[sshd.c]
lightweight do_setusercontext after chroot()
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 13 |
1 files changed, 12 insertions, 1 deletions
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.250 2002/06/23 10:29:52 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -530,6 +530,7 @@ static void
 privsep_preauth_child(void)
 {
 u_int32_t rand[256];
+ gid_t gidset[2];
 struct passwd *pw;
 int i;
@@ -559,7 +560,17 @@ privsep_preauth_child(void)
 /* Drop our privileges */
 debug3("privsep user:group %u:%u", (u_int)pw->pw_uid, (u_int)pw->pw_gid);
+#if 0
+ /* XXX not ready, to heavy after chroot */
 do_setusercontext(pw);
+#else
+ gidset[0] = pw->pw_gid;
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed for %u", pw->pw_gid );
+ if (setgroups(1, gidset) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
+ permanently_set_uid(pw);
+#endif
 }
 static Authctxt* |
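Review bot: The new `fatal("setgid failed for %u", pw->pw_gid );` in the third hunk passes a `gid_t` to `%u` without the `(u_int)` cast that the `debug3` call just above it uses. Unlike the `setgroups` message it also omits the errno text, so a failed group drop in the pre-auth child is reported with less detail. I would write it as `fatal("setgid failed for %u: %.100s", (u_int)pw->pw_gid, strerror(errno));`. In the second hunk `gidset` is declared with two elements although only `gidset[0]` is filled and passed with a count of 1, so `gid_t gidset[1];` would state the intent more clearly. `permanently_set_uid()` is defined outside this diff and `privsep_preauth_child` starts before the third hunk, so whether the uid/gid change is verified after the drop cannot be confirmed from the lines shown.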