Attachment #2498 for bug #2299

View | Details | Raw Unified | Return to bug 2299
Collapse All | Expand All




void
permanently_drop_suid(uid_t uid)
{
#ifndef NO_UID_RESTORATION_TEST
	uid_t old_uid = getuid();
#endif


	if (setresuid(uid, uid, uid) < 0)
		fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));

#ifndef NO_UID_RESTORATION_TEST
	/* Try restoration of UID if changed (test clearing of saved uid) */
	if (old_uid != uid &&
	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))

void
permanently_set_uid(struct passwd *pw)
{
#ifndef NO_UID_RESTORATION_TEST
	uid_t old_uid = getuid();
	gid_t old_gid = getgid();
#endif

	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
		fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));

#ifndef NO_UID_RESTORATION_TEST
	/* Try restoration of GID if changed (test clearing of saved gid) */
	if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
	    (setgid(old_gid) != -1 || setegid(old_gid) != -1))

		    (u_int)pw->pw_gid);
	}

#ifndef NO_UID_RESTORATION_TEST
	/* Try restoration of UID if changed (test clearing of saved uid) */
	if (old_uid != pw->pw_uid &&
	    (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
- 

Return to bug 2299

Lines 134-140 temporarily_use_uid(struct passwd *pw) Link Here

(-)a/uidswap.c (-6 / +5 lines)
134	void	134	void
135	permanently_drop_suid(uid_t uid)	135	permanently_drop_suid(uid_t uid)
136	{	136	{
137	#ifndef HAVE_CYGWIN	137	#ifndef NO_UID_RESTORATION_TEST
138	uid_t old_uid = getuid();	138	uid_t old_uid = getuid();
139	#endif	139	#endif
140		140
Lines 142-148 permanently_drop_suid(uid_t uid) Link Here
142	if (setresuid(uid, uid, uid) < 0)	142	if (setresuid(uid, uid, uid) < 0)
143	fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));	143	fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno));
144		144
145	#ifndef HAVE_CYGWIN	145	#ifndef NO_UID_RESTORATION_TEST
146	/* Try restoration of UID if changed (test clearing of saved uid) */	146	/* Try restoration of UID if changed (test clearing of saved uid) */
147	if (old_uid != uid &&	147	if (old_uid != uid &&
148	(setuid(old_uid) != -1 \|\| seteuid(old_uid) != -1))	148	(setuid(old_uid) != -1 \|\| seteuid(old_uid) != -1))
Lines 199-205 restore_uid(void) Link Here
199	void	199	void
200	permanently_set_uid(struct passwd *pw)	200	permanently_set_uid(struct passwd *pw)
201	{	201	{
202	#ifndef HAVE_CYGWIN	202	#ifndef NO_UID_RESTORATION_TEST
203	uid_t old_uid = getuid();	203	uid_t old_uid = getuid();
204	gid_t old_gid = getgid();	204	gid_t old_gid = getgid();
205	#endif	205	#endif
Lines 227-233 permanently_set_uid(struct passwd *pw) Link Here
227	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)	227	if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
228	fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));	228	fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno));
229		229
230	#ifndef HAVE_CYGWIN	230	#ifndef NO_UID_RESTORATION_TEST
231	/* Try restoration of GID if changed (test clearing of saved gid) */	231	/* Try restoration of GID if changed (test clearing of saved gid) */
232	if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&	232	if (old_gid != pw->pw_gid && pw->pw_uid != 0 &&
233	(setgid(old_gid) != -1 \|\| setegid(old_gid) != -1))	233	(setgid(old_gid) != -1 \|\| setegid(old_gid) != -1))
Lines 241-247 permanently_set_uid(struct passwd *pw) Link Here
241	(u_int)pw->pw_gid);	241	(u_int)pw->pw_gid);
242	}	242	}
243		243
244	#ifndef HAVE_CYGWIN	244	#ifndef NO_UID_RESTORATION_TEST
245	/* Try restoration of UID if changed (test clearing of saved uid) */	245	/* Try restoration of UID if changed (test clearing of saved uid) */
246	if (old_uid != pw->pw_uid &&	246	if (old_uid != pw->pw_uid &&
247	(setuid(old_uid) != -1 \|\| seteuid(old_uid) != -1))	247	(setuid(old_uid) != -1 \|\| seteuid(old_uid) != -1))
248	-

Lines 546-551 case "$host" in Link Here

(-)a/configure.ac (+2 lines)
546	file descriptor passing])	546	file descriptor passing])
547	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])	547	AC_DEFINE([SSH_IOBUFSZ], [65535], [Windows is sensitive to read buffer size])
548	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])	548	AC_DEFINE([FILESYSTEM_NO_BACKSLASH], [1], [File names may not contain backslash characters])
		549	AC_DEFINE([NO_UID_RESTORATION_TEST], [1], [Turns off test, that tries to restore uid=0 after dropping privileges.])
549	# Cygwin defines optargs, optargs as declspec(dllimport) for historical	550	# Cygwin defines optargs, optargs as declspec(dllimport) for historical
550	# reasons which cause compile warnings, so we disable those warnings.	551	# reasons which cause compile warnings, so we disable those warnings.
551	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])	552	OSSH_CHECK_CFLAG_COMPILE([-Wno-attributes])
Lines 832-837 mips-sony-bsd\|mips-sony-newsos4) Link Here
832	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd	833	AC_DEFINE([PASSWD_NEEDS_USERNAME], [1], [must supply username to passwd
833	in case the name is longer than 8 chars])	834	in case the name is longer than 8 chars])
834	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])	835	AC_DEFINE([BROKEN_TCGETATTR_ICANON], [1], [tcgetattr with ICANON may hang])
		836	AC_DEFINE([NO_UID_RESTORATION_TEST], [1], [Turns off test, that tries to restore uid=0 after dropping privileges.])
835	external_path_file=/etc/default/login	837	external_path_file=/etc/default/login
836	# hardwire lastlog location (can't detect it on some versions)	838	# hardwire lastlog location (can't detect it on some versions)
837	conf_lastlog_location="/var/adm/lastlog"	839	conf_lastlog_location="/var/adm/lastlog"