-# $OpenBSD: Makefile.inc,v 1.59 2018/07/09 21:56:06 markus Exp $
+# $OpenBSD: Makefile.inc,v 1.60 2018/07/18 11:34:04 dtucker Exp $
.include <bsd.own.mk>
SRCS_UTL+= addrmatch.c
SRCS_UTL+= match.c
-SRCS_UTL+= uidswap.c
.if (${OPENSSL:L} == "yes")
SRCS_PKCS11+= ssh-pkcs11.c
-/* $OpenBSD: misc.c,v 1.129 2018/06/09 03:01:12 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.130 2018/07/18 11:34:04 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2005,2006 Damien Miller. All rights reserved.
#include "ssh.h"
#include "sshbuf.h"
#include "ssherr.h"
-#include "uidswap.h"
/* remove newline at end of string */
char *
-/* $OpenBSD: readconf.c,v 1.292 2018/07/04 13:49:31 djm Exp $ */
+/* $OpenBSD: readconf.c,v 1.293 2018/07/18 11:34:04 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
if ((pid = fork()) == 0) {
char *argv[4];
- /* Child. Permanently give up superuser privileges. */
- permanently_drop_suid(original_real_uid);
-
/* Redirect child stdin and stdout. Leave stderr */
if (dup2(devnull, STDIN_FILENO) == -1)
fatal("dup2: %s", strerror(errno));
-/* $OpenBSD: readpass.c,v 1.51 2015/12/11 00:20:04 mmcc Exp $ */
+/* $OpenBSD: readpass.c,v 1.52 2018/07/18 11:34:04 dtucker Exp $ */
/*
* Copyright (c) 2001 Markus Friedl. All rights reserved.
*
return NULL;
}
if (pid == 0) {
- permanently_drop_suid(getuid());
close(p[0]);
if (dup2(p[1], STDOUT_FILENO) < 0)
fatal("ssh_askpass: dup2: %s", strerror(errno));
-# $OpenBSD: Makefile,v 1.13 2018/01/08 15:37:38 markus Exp $
+# $OpenBSD: Makefile,v 1.14 2018/07/18 11:34:05 dtucker Exp $
.PATH: ${.CURDIR}/..
SRCS= ssh-keysign.c readconf.c
SRCS+= atomicio.c cleanup.c fatal.c msg.c
+SRCS+= uidswap.c
SRCS+= ${SRCS_BASE} ${SRCS_KEY} ${SRCS_KEYP} ${SRCS_KRL} ${SRCS_PKT} \
${SRCS_UTL}
PROG= ssh-keysign
-/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.487 2018/07/18 11:34:04 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "sshpty.h"
#include "match.h"
#include "msg.h"
-#include "uidswap.h"
#include "version.h"
#include "ssherr.h"
#include "myproposal.h"
original_real_uid = getuid();
original_effective_uid = geteuid();
- /*
- * Use uid-swapping to give up root privileges for the duration of
- * option processing. We will re-instantiate the rights when we are
- * ready to create the privileged port, and will permanently drop
- * them when the port has been created (actually, when the connection
- * has been made, as we may need to create the port several times).
- */
- PRIV_END;
-
- /* If we are installed setuid root be careful to not drop core. */
- if (original_real_uid != original_effective_uid) {
- struct rlimit rlim;
- rlim.rlim_cur = rlim.rlim_max = 0;
- if (setrlimit(RLIMIT_CORE, &rlim) < 0)
- fatal("setrlimit failed: %.100s", strerror(errno));
- }
+ if (getuid() != geteuid())
+ fatal("ssh setuid not supported.");
+ if (getgid() != getegid())
+ fatal("ssh setgid not supported.");
+
/* Get user data. */
pw = getpwuid(original_real_uid);
if (!pw) {
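Review bot: The `getuid() != geteuid()` and `getgid() != getegid()` checks added here carry no comment, yet they are what the rest of the commit relies on: the `permanently_drop_suid()` calls in the forked children (readconf.c, readpass.c, sshconnect.c, sshconnect2.c) are deleted on the assumption that ssh never runs with elevated ids. A comment such as `/* ssh no longer drops privileges anywhere; refuse to start if installed setuid or setgid. */` would record that. The guard exists only in this startup path, while the Makefile hunks show readconf.c also built into ssh-keysign and readpass.c into the program that lists monitor.c, so those binaries presumably depend on their own uidswap.c calls before reaching the fork paths; that is worth confirming. The uid test could also reuse the values stored on the two lines above, `if (original_real_uid != original_effective_uid)`. The enclosing function starts and ends outside the hunk.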
L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
}
}
- /*
- * Get rid of any extra privileges that we may have. We will no
- * longer need them. Also, extra privileges could make it very hard
- * to read identity files and other non-world-readable files from the
- * user's home directory if it happens to be on a NFS volume where
- * root is mapped to nobody.
- */
- if (original_effective_uid == 0) {
- PRIV_START;
- permanently_set_uid(pw);
- }
- /*
- * Now that we are back to our own permissions, create ~/.ssh
- * directory if it doesn't already exist.
- */
+ /* Create ~/.ssh * directory if it doesn't already exist. */
if (config == NULL) {
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
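Review bot: The replacement comment has a stray `*` in the middle, left over from joining the old two-line comment; it should read `/* Create ~/.ssh directory if it doesn't already exist. */`. The removed text also recorded that this step runs with the user's own permissions, which now holds only because of the setuid/setgid refusal earlier in the file, so a short mention of that would help. The enclosing block continues outside the hunk.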
-/* $OpenBSD: sshconnect.c,v 1.300 2018/07/11 18:53:29 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.301 2018/07/18 11:34:04 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
#include "ssh.h"
#include "sshbuf.h"
#include "packet.h"
-#include "uidswap.h"
#include "compat.h"
#include "sshkey.h"
#include "sshconnect.h"
if ((pid = fork()) == 0) {
char *argv[10];
- /* Child. Permanently give up superuser privileges. */
- permanently_drop_suid(original_real_uid);
-
close(sp[1]);
/* Redirect stdin and stdout. */
if (sp[0] != 0) {
if ((pid = fork()) == 0) {
char *argv[10];
- /* Child. Permanently give up superuser privileges. */
- permanently_drop_suid(original_real_uid);
-
/* Redirect stdin and stdout. */
close(pin[1]);
if (pin[0] != 0) {
static int
ssh_create_socket(int privileged, struct addrinfo *ai)
{
- int sock, r, oerrno;
+ int sock, r;
struct sockaddr_storage bindaddr;
socklen_t bindaddrlen = 0;
struct addrinfo hints, *res = NULL;
ssh_gai_strerror(r));
goto fail;
}
- /*
- * If we are running as root and want to connect to a privileged
- * port, bind our own socket to a privileged port.
- */
- if (privileged) {
- PRIV_START;
- r = bindresvport_sa(sock,
- bindaddrlen == 0 ? NULL : (struct sockaddr *)&bindaddr);
- oerrno = errno;
- PRIV_END;
- if (r < 0) {
- error("bindresvport_sa %s: %s", ntop,
- strerror(oerrno));
- goto fail;
- }
- } else if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
+ if (bind(sock, (struct sockaddr *)&bindaddr, bindaddrlen) != 0) {
error("bind %s: %s", ntop, strerror(errno));
goto fail;
}
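Review bot: With the `if (privileged)` branch gone, `bind()` here runs unconditionally with `&bindaddr` and `bindaddrlen`, whereas the removed branch passed NULL when `bindaddrlen == 0`. `bindaddrlen` is initialised to 0 in the declarations shown in the previous hunk, so if any path (for instance a caller still passing a non-zero `privileged`) reaches this line without a bind address having been resolved, the call would presumably fail; the code between the two hunks is not visible, so this needs confirming. The `privileged` parameter also looks unused after this change, and a caller that still sets it now gets an ordinary `bind()` with no diagnostic. Either drop it from the signature or note it at the top of the function, e.g. `/* privileged is ignored: binding to reserved ports is no longer supported */`.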
-/* $OpenBSD: sshconnect.h,v 1.33 2018/07/16 11:05:41 dtucker Exp $ */
+/* $OpenBSD: sshconnect.h,v 1.34 2018/07/18 11:34:04 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
int ssh_local_cmd(const char *);
void maybe_add_key_to_agent(char *, const struct sshkey *, char *, char *);
-
-/*
- * Macros to raise/lower permissions.
- */
-#define PRIV_START do { \
- int save_errno = errno; \
- if (seteuid(original_effective_uid) != 0) \
- fatal("PRIV_START: seteuid: %s", \
- strerror(errno)); \
- errno = save_errno; \
-} while (0)
-
-#define PRIV_END do { \
- int save_errno = errno; \
- if (seteuid(original_real_uid) != 0) \
- fatal("PRIV_END: seteuid: %s", \
- strerror(errno)); \
- errno = save_errno; \
-} while (0)
-/* $OpenBSD: sshconnect2.c,v 1.281 2018/07/16 11:05:41 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.282 2018/07/18 11:34:04 dtucker Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
* Copyright (c) 2008 Damien Miller. All rights reserved.
if (pid == 0) {
/* keep the socket on exec */
fcntl(sock, F_SETFD, 0);
- permanently_drop_suid(getuid());
close(from[0]);
if (dup2(from[1], STDOUT_FILENO) < 0)
fatal("%s: dup2: %s", __func__, strerror(errno));
-# $OpenBSD: Makefile,v 1.97 2018/07/11 18:53:29 markus Exp $
+# $OpenBSD: Makefile,v 1.98 2018/07/18 11:34:05 dtucker Exp $
.PATH: ${.CURDIR}/..
auth2-none.c auth2-passwd.c auth2-pubkey.c monitor.c monitor_wrap.c \
sftp-server.c sftp-common.c sandbox-pledge.c
SRCS+= atomicio.c authfd.c compat.c dns.c fatal.c \
- hostfile.c msg.c readpass.c utf8.c
+ hostfile.c msg.c readpass.c utf8.c uidswap.c
SRCS+= ${SRCS_BASE} ${SRCS_KEX} ${SRCS_KEXS} ${SRCS_KEY} ${SRCS_KEYP} \
${SRCS_KRL} ${SRCS_PROT} ${SRCS_PKT} ${SRCS_UTL} ${SRCS_PKCS11}
-/* $OpenBSD: uidswap.c,v 1.40 2018/06/15 07:01:11 djm Exp $ */
+/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0)
fatal("setresuid %u: %s", (u_int)pw->pw_uid, strerror(errno));
}
-
-void
-permanently_drop_suid(uid_t uid)
-{
- debug("permanently_drop_suid: %u", (u_int)uid);
- if (setresuid(uid, uid, uid) != 0)
- fatal("setresuid %u: %s", (u_int)uid, strerror(errno));
-}
-/* $OpenBSD: uidswap.h,v 1.13 2006/08/03 03:34:42 deraadt Exp $ */
+/* $OpenBSD: uidswap.h,v 1.14 2018/07/18 11:34:05 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
void temporarily_use_uid(struct passwd *);
void restore_uid(void);
void permanently_set_uid(struct passwd *);
-void permanently_drop_suid(uid_t);