I downloaded openssh-2.5.1p1 as soon as it was on the ftp servers just to get the setluid patch. After compiling and installing on 5.0.5 I saw that the luid still wasn't being set correctly whether sshd was run from inetd or as a daemon from /etc/rc2.d/. I fiddled around and moved the setluid() stuff up higher in session.c and now luid is now being set correctly. I provided a regular diff below. I am not a power c programmer or cvs guy so I hope you'll be kind if the diff is crude. More importantly, I hope that where I moved it to is correct! -- Darryl Ideal Computer Group Inc. thor 314 : /u/sco/source/openssh-2.5.1p1 # diff session.c session.drk.c 1024a1025,1031> /* DRK: moved this stuff up higher */ > #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) > /* Sets login uid for accounting */ > if (getluid() == -1 && setluid(pw->pw_uid) == -1) > error("setluid: %s", strerror(errno)); > #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ >1128,1133d1134 < < #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) < /* Sets login uid for accounting */ < if (getluid() == -1 && setluid(pw->pw_uid) == -1) < error("setluid: %s", strerror(errno)); < #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */
On Wed, 21 Feb 2001 mouring at etoh.eviladmin.org wrote:> > Can you resend that patch? It was managed in deliever and does not > apply against the current CVS tree. > > Thanks > > - Ben >No problem, here is a patch for the CVS tree that I grabbed this morning. Sam *** openssh_cvs/session.c Tue Feb 20 21:53:33 2001 --- openssh_cvs_patch/session.c Wed Feb 21 11:03:24 2001 *************** *** 1071,1076 **** } #endif # else /* HAVE_LOGIN_CAP */ if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); if (setgid(pw->pw_gid) < 0) { --- 1071,1083 ---- } #endif # else /* HAVE_LOGIN_CAP */ + + #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) + /* Sets login uid for accounting */ + if (getluid() == -1 && setluid(pw->pw_uid) == -1) + error("setluid: %s", strerror(errno)); + #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ + if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); if (setgid(pw->pw_gid) < 0) { *************** *** 1122,1132 **** } #endif /* HAVE_OSF_SIA */ - #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) - /* Sets login uid for accounting */ - if (getluid() == -1 && setluid(pw->pw_uid) == -1) - error("setluid: %s", strerror(errno)); - #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ #ifdef HAVE_CYGWIN if (is_winnt) --- 1129,1134 ---- } #endif /* HAVE_OSF_SIA */ #ifdef HAVE_CYGWIN if (is_winnt)
Applied. thanks. On Wed, 21 Feb 2001, Sam Vaughan wrote:> > On Wed, 21 Feb 2001 mouring at etoh.eviladmin.org wrote: > > > > > Can you resend that patch? It was managed in deliever and does not > > apply against the current CVS tree. > > > > Thanks > > > > - Ben > > > > No problem, here is a patch for the CVS tree that I grabbed this > morning. > > Sam > > *** openssh_cvs/session.c Tue Feb 20 21:53:33 2001 > --- openssh_cvs_patch/session.c Wed Feb 21 11:03:24 2001 > *************** > *** 1071,1076 **** > } > #endif > # else /* HAVE_LOGIN_CAP */ > if (setlogin(pw->pw_name) < 0) > error("setlogin failed: %s", > strerror(errno)); > if (setgid(pw->pw_gid) < 0) { > --- 1071,1083 ---- > } > #endif > # else /* HAVE_LOGIN_CAP */ > + > + #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) > + /* Sets login uid for accounting */ > + if (getluid() == -1 && setluid(pw->pw_uid) == -1) > + error("setluid: %s", strerror(errno)); > + #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ > + > if (setlogin(pw->pw_name) < 0) > error("setlogin failed: %s", > strerror(errno)); > if (setgid(pw->pw_gid) < 0) { > *************** > *** 1122,1132 **** > } > #endif /* HAVE_OSF_SIA */ > > - #if defined(HAVE_GETLUID) && defined(HAVE_SETLUID) > - /* Sets login uid for accounting */ > - if (getluid() == -1 && setluid(pw->pw_uid) == -1) > - error("setluid: %s", strerror(errno)); > - #endif /* defined(HAVE_GETLUID) && defined(HAVE_SETLUID) */ > > #ifdef HAVE_CYGWIN > if (is_winnt) > --- 1129,1134 ---- > } > #endif /* HAVE_OSF_SIA */ > > > #ifdef HAVE_CYGWIN > if (is_winnt) > > > > > >