5 --- sshd
.c
.orig
2013-02-12 00:04:48.000000000 +0000
7 @@
-237,7 +237,11 @@
int *startup_pipes
= NULL
;
8 int startup_pipe
; /* in child */
10 /* variables used for privilege separation */
16 struct monitor
*pmonitor
= NULL
;
17 int privsep_is_preauth
= 1;
19 @@
-625,10 +629,15 @@
privsep_preauth_child(void)
20 /* XXX not ready, too heavy after chroot */
21 do_setusercontext(privsep_pw
);
24 + if (setuser(privsep_pw
->pw_name
, NULL
, SU_COMPLETE
))
25 + fatal("setuser: %.100s", strerror(errno
));
27 gidset
[0] = privsep_pw
->pw_gid
;
28 if (setgroups(1, gidset
) < 0)
29 fatal("setgroups: %.100s", strerror(errno
));
30 permanently_set_uid(privsep_pw
);
31 +#endif /* HAVE_INTERIX */
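Review bot: The Interix branch added in privsep_preauth_child() drops privileges with `setuser(privsep_pw->pw_name, NULL, SU_COMPLETE)` alone, and nothing visible in the hunk confirms afterwards that the process actually left the privileged account. The path it stands in for goes through `setgroups(1, gidset)` and `permanently_set_uid(privsep_pw)`. I would follow the call with an explicit check such as `if (getuid() != privsep_pw->pw_uid || geteuid() != privsep_pw->pw_uid) fatal("%s: privilege drop failed", __func__);`, so that a setuser() which reports success without changing identity cannot leave the pre-auth child privileged. A short comment above the call saying why it replaces the setgroups/permanently_set_uid sequence on Interix would also help. The `#ifdef`/`#else` lines that pair with the added `#endif /* HAVE_INTERIX */` are missing from this rendering and the function body continues outside the hunk, so the branch layout is inferred.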
35 @@
-688,7 +697,7 @@
privsep_preauth(Authctxt
*authctxt
)
36 set_log_handler(mm_log_handler
, pmonitor
);
38 /* Demote the child */
39 - if (getuid() == 0 || geteuid() == 0)
40 + if (getuid() == ROOTUID
|| geteuid() == ROOTUID
)
41 privsep_preauth_child();
42 setproctitle("%s", "[net]");
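Review bot: `ROOTUID` is used in the demotion test in privsep_preauth() but is not defined anywhere in the hunks shown for this file, so the build depends on a definition elsewhere; the same applies to the comparisons in privsep_postauth() and in the main() hunks. If that definition is only supplied on Interix, other platforms will not compile, so a guarded fallback such as `#ifndef ROOTUID` / `#define ROOTUID 0` / `#endif` in a shared header is worth confirming. This test also decides whether privsep_preauth_child() runs at all, so a daemon started under a privileged account whose uid differs from ROOTUID would skip the demotion. A comment next to the definition stating which account ROOTUID denotes on each platform would make that assumption reviewable. The function body continues outside the hunk.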
44 @@
-706,7 +715,7 @@
privsep_postauth(Authctxt
*authctxt
)
45 #ifdef DISABLE_FD_PASSING
48 - if (authctxt
->pw
->pw_uid
== 0 || options
.use_login
) {
49 + if (authctxt
->pw
->pw_uid
== ROOTUID
|| options
.use_login
) {
51 /* File descriptor passing is broken or root login */
53 @@
-1363,8 +1372,10 @@
main(int ac
, char **av
)
57 - if (geteuid() == 0 && setgroups(0, NULL
) == -1)
59 + if (geteuid() == ROOTUID
&& setgroups(0, NULL
) == -1)
60 debug("setgroups(): %.200s", strerror(errno
));
63 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
65 @@
-1732,7 +1743,7 @@
main(int ac
, char **av
)
66 (st
.st_uid
!= getuid () ||
67 (st
.st_mode
& (S_IWGRP
|S_IWOTH
)) != 0))
69 - if (st
.st_uid
!= 0 || (st
.st_mode
& (S_IWGRP
|S_IWOTH
)) != 0)
70 + if (st
.st_uid
!= ROOTUID
|| (st
.st_mode
& (S_IWGRP
|S_IWOTH
)) != 0)
72 fatal("%s must be owned by root and not group or "
73 "world-writable.", _PATH_PRIVSEP_CHROOT_DIR
);
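Review bot: The ownership check on `_PATH_PRIVSEP_CHROOT_DIR` now compares `st.st_uid` with `ROOTUID`, but the fatal() text still says "must be owned by root", which can mislead an administrator on a platform where ROOTUID is not uid 0. Consider reporting the expected owner instead, for example `fatal("%s must be owned by uid %lu and not group or world-writable.", _PATH_PRIVSEP_CHROOT_DIR, (unsigned long)ROOTUID);`. The enclosing main() begins and ends outside this hunk.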
74 @@
-1755,8 +1766,10 @@
main(int ac
, char **av
)
75 * to create a file
, and we can
't control the code in every
76 * module which might be used).
79 if (setgroups(0, NULL) < 0)
80 debug("setgroups() failed: %.200s", strerror(errno));
84 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));