Bugzilla – Attachment 3162 Details for
Bug 2874
Privilege-dropping fails on some container systems
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
PRIV_{START_END}: check if seteuid calls are needed before calling
ssh-defer-seteuid.patch (text/plain), 982 bytes, created by
Darren Tucker
on 2018-07-06 13:37:15 AEST
(
hide
)
Description:
PRIV_{START_END}: check if seteuid calls are needed before calling
Filename:
MIME Type:
Creator:
Darren Tucker
Created:
2018-07-06 13:37:15 AEST
Size:
982 bytes
patch
obsolete
>Index: sshconnect.h >=================================================================== >RCS file: /cvs/src/usr.bin/ssh/sshconnect.h,v >retrieving revision 1.32 >diff -u -p -r1.32 sshconnect.h >--- sshconnect.h 10 Feb 2018 09:25:35 -0000 1.32 >+++ sshconnect.h 6 Jul 2018 03:35:01 -0000 >@@ -64,7 +64,8 @@ void maybe_add_key_to_agent(char *, con > */ > #define PRIV_START do { \ > int save_errno = errno; \ >- if (seteuid(original_effective_uid) != 0) \ >+ if (geteuid() != original_effective_uid && \ >+ seteuid(original_effective_uid) != 0) \ > fatal("PRIV_START: seteuid: %s", \ > strerror(errno)); \ > errno = save_errno; \ >@@ -72,7 +73,8 @@ void maybe_add_key_to_agent(char *, con > > #define PRIV_END do { \ > int save_errno = errno; \ >- if (seteuid(original_real_uid) != 0) \ >+ if (geteuid() != original_real_uid && \ >+ seteuid(original_real_uid) != 0) \ > fatal("PRIV_END: seteuid: %s", \ > strerror(errno)); \ > errno = save_errno; \
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=3162">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 2874
: 3162