summaryrefslogtreecommitdiff
path: root/sshd.c
diff options
context:
space:
mode:
authorBen Lindstrom <mouring@eviladmin.org>2002-06-25 23:24:18 +0000
committerBen Lindstrom <mouring@eviladmin.org>2002-06-25 23:24:18 +0000
commitfbcc3f71f24cf92fecc0bd51ec70271e5488e908 (patch)
tree54d70391bf5029971a39c6a2d104f88e220dc1d6 /sshd.c
parent6398a0ef12139ad40a63a6dda82a7847919f8c34 (diff)
- markus@cvs.openbsd.org 2002/06/25 18:51:04
[sshd.c] lightweight do_setusercontext after chroot()
Diffstat (limited to 'sshd.c')
-rw-r--r--sshd.c13
1 files changed, 12 insertions, 1 deletions
diff --git a/sshd.c b/sshd.c
index 18df8ab8..851fad4b 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.250 2002/06/23 10:29:52 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.251 2002/06/25 18:51:04 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -530,6 +530,7 @@ static void
privsep_preauth_child(void)
{
u_int32_t rand[256];
+ gid_t gidset[2];
struct passwd *pw;
int i;
@@ -559,7 +560,17 @@ privsep_preauth_child(void)
/* Drop our privileges */
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
+#if 0
+ /* XXX not ready, to heavy after chroot */
do_setusercontext(pw);
+#else
+ gidset[0] = pw->pw_gid;
+ if (setgid(pw->pw_gid) < 0)
+ fatal("setgid failed for %u", pw->pw_gid );
+ if (setgroups(1, gidset) < 0)
+ fatal("setgroups: %.100s", strerror(errno));
+ permanently_set_uid(pw);
+#endif
}
static Authctxt*