Ok, I'm doing a heads up here.
I just applied:
- markus at cvs.openbsd.org 2002/06/11 04:14:26
[ssh.c sshconnect.c sshconnect.h]
no longer use uidswap.[ch] from the ssh client
run less code with euid==0 if ssh is installed setuid root
just switch the euid, don't switch the complete set of groups
(this is only needed by sshd). ok provos@
A few comments about this..
1. I bet dollars to donuts that platforms with problems recovering from
set[e]uid() changes (NeXT,etc).
2. ssh_create_socket() changed slightly, which should only affect Cygwin.
However, looking at the code I think it just needs a glance over by the
porter to ensure no additional work is needed.
sshconnect.c:
@@ -297,26 +295,14 @@
host, ntop, strport);
/* Create a socket for connecting. */
- sock = ssh_create_socket(pw,
-#ifdef HAVE_CYGWIN
- !anonymous,
-#else
- !anonymous && geteuid() == 0,
-#endif
+ sock = ssh_create_socket(needpriv, ai->ai_family);
If there is problems with having ssh setuid please speak up and
preferable with a patch so I don't have to suffer at the hands of my poor
68k-25mhz box.=)
- Ben
On Tue, 11 Jun 2002, Ben Lindstrom wrote:> > Ok, I'm doing a heads up here. > > I just applied: > > - markus at cvs.openbsd.org 2002/06/11 04:14:26 > [ssh.c sshconnect.c sshconnect.h] > no longer use uidswap.[ch] from the ssh client > run less code with euid==0 if ssh is installed setuid root > just switch the euid, don't switch the complete set of groups > (this is only needed by sshd). ok provos@ > > > > A few comments about this.. > > 1. I bet dollars to donuts that platforms with problems recovering from > set[e]uid() changes (NeXT,etc). >Umm..I should continue with my ideas before hitting the next point.=) the bet is that it will require fix up.=) - Ben
On Tue, Jun 11, 2002 at 11:30:42AM -0500, Ben Lindstrom wrote:> 2. ssh_create_socket() changed slightly, which should only affect Cygwin. > However, looking at the code I think it just needs a glance over by the > porter to ensure no additional work is needed. > > sshconnect.c: > @@ -297,26 +295,14 @@ > host, ntop, strport); > > /* Create a socket for connecting. */ > - sock = ssh_create_socket(pw, > -#ifdef HAVE_CYGWIN > - !anonymous, > -#else > - !anonymous && geteuid() == 0, > -#endif > + sock = ssh_create_socket(needpriv, ai->ai_family); > > > If there is problems with having ssh setuid please speak up and > preferable with a patch so I don't have to suffer at the hands of my poor > 68k-25mhz box.=)You just moved the problem. Index: ssh.c ==================================================================RCS file: /cvs/openssh_cvs/ssh.c,v retrieving revision 1.152 diff -u -p -r1.152 ssh.c --- ssh.c 11 Jun 2002 16:37:52 -0000 1.152 +++ ssh.c 11 Jun 2002 18:07:15 -0000 @@ -615,7 +615,11 @@ again: cerr = ssh_connect(host, &hostaddr, options.port, IPv4or6, options.connection_attempts, +#ifdef HAVE_CYGWIN + options.use_privileged_port, +#else original_effective_uid == 0 && options.use_privileged_port, +#endif options.proxy_command); /* I'm still convinced that expressions as if (uid == 0) should be changed to a function call if (is_superuser (uid)) which would allow to write platform dependent code in port-XXX.c instead of having the need for #ifdef's. Corinna -- Corinna Vinschen Cygwin Developer Red Hat, Inc. mailto:vinschen at redhat.com
>I'm still convinced that expressions as > > if (uid == 0) > >should be changed to a function call > > if (is_superuser (uid)) > >which would allow to write platform dependent code in port-XXX.c >instead of having the need for #ifdef's.Taking it a step further the function could take an arugment that says why the check is being done (bind to priveleged port, read a file I don't own) and would setup the necessary privelege. This would allow systems that have fine grained privelege to use it, a subsequent call would be made to drop the privelege after it was no longer needed. -- Darren J Moffat