openssh unix dev - Feb 2005 - getpeereid

Hi,

I've just implemented getpeereid in Cygwin and I found that there's
something I don't understand.

In ssh-agent.c and in clientloop.c, getpeereid is used to ask for the
effective uid of the peer side of the connected socket.  So far so good,
but why does the test look like this:

  if ((euid != 0) && (getuid() != euid))

?  Is there any good reason why root should be able to connect to the
ssh-agent of a user?  What is that reason?  Otherwise, shouldn't it be
better just

  if (getuid() != euid)

?


Corinna

-- 
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat, Inc.

Corinna Vinschen wrote:
>   if ((euid != 0) && (getuid() != euid))
> 
> ?  Is there any good reason why root should be able to connect to the
> ssh-agent of a user?  What is that reason?  Otherwise, shouldn't it be
> better just
ssh is setuid root in some configurations (eg for RhostsRSAAuthentication, 
UsePrivilegedPort).

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.