diff options
| author | dtucker@openbsd.org <dtucker@openbsd.org> | 2018-07-27 05:34:42 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2018-07-31 12:20:13 +1000 |
| commit | e655ee04a3cb7999dbf9641b25192353e2b69418 (patch) | |
| tree | ec31b0a5b5011db7848a40f8ae9de8d5aa1a5334 | |
| parent | 73ddb25bae4c33a0db361ac13f2e3a60d7c6c4a5 (diff) | |
upstream: Now that ssh can't be setuid, remove the
original_real_uid and original_effective_uid globals and replace with calls
to plain getuid(). ok djm@
OpenBSD-Commit-ID: 92561c0cd418d34e6841e20ba09160583e27b68c
| -rw-r--r-- | readconf.c | 4 | ||||
| -rw-r--r-- | ssh-keysign.c | 10 | ||||
| -rw-r--r-- | ssh.c | 31 | ||||
| -rw-r--r-- | sshconnect.c | 4 |
4 files changed, 13 insertions, 36 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.295 2018/07/27 05:13:02 dtucker Exp $ */ +/* $OpenBSD: readconf.c,v 1.296 2018/07/27 05:34:42 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -320,7 +320,6 @@ void add_local_forward(Options *options, const struct Forward *newfwd) { struct Forward *fwd; - extern uid_t original_real_uid; int i; /* Don't add duplicates */ @@ -480,7 +479,6 @@ execute_in_shell(const char *cmd) char *shell; pid_t pid; int devnull, status; - extern uid_t original_real_uid; if ((shell = getenv("SHELL")) == NULL) shell = _PATH_BSHELL; diff --git a/ssh-keysign.c b/ssh-keysign.c index 78bb66b0..744ecb4f 100644 --- a/ssh-keysign.c +++ b/ssh-keysign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh-keysign.c,v 1.54 2018/02/23 15:58:38 markus Exp $ */ +/* $OpenBSD: ssh-keysign.c,v 1.55 2018/07/27 05:34:42 dtucker Exp $ */ /* * Copyright (c) 2002 Markus Friedl. All rights reserved. * @@ -62,11 +62,6 @@ struct ssh *active_state = NULL; /* XXX needed for linking */ extern char *__progname; -/* XXX readconf.c needs these */ -uid_t original_real_uid; - -extern char *__progname; - static int valid_request(struct passwd *pw, char *host, struct sshkey **ret, u_char *data, size_t datalen) @@ -201,8 +196,7 @@ main(int argc, char **argv) key_fd[i++] = open(_PATH_HOST_XMSS_KEY_FILE, O_RDONLY); key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY); - original_real_uid = getuid(); /* XXX readconf.c needs this */ - if ((pw = getpwuid(original_real_uid)) == NULL) + if ((pw = getpwuid(getuid())) == NULL) fatal("getpwuid failed"); pw = pwcopy(pw); @@ -1,4 +1,4 @@ -/* $OpenBSD: ssh.c,v 1.489 2018/07/25 13:10:56 beck Exp $ */ +/* $OpenBSD: ssh.c,v 1.490 2018/07/27 05:34:42 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -177,10 +177,6 @@ struct sockaddr_storage hostaddr; /* Private host keys. */ Sensitive sensitive_data; -/* Original real UID. */ -uid_t original_real_uid; -uid_t original_effective_uid; - /* command to be executed */ struct sshbuf *command; @@ -223,7 +219,7 @@ tilde_expand_paths(char **paths, u_int num_paths) char *cp; for (i = 0; i < num_paths; i++) { - cp = tilde_expand_filename(paths[i], original_real_uid); + cp = tilde_expand_filename(paths[i], getuid()); free(paths[i]); paths[i] = cp; } @@ -620,17 +616,10 @@ main(int ac, char **av) */ closefrom(STDERR_FILENO + 1); - /* - * Save the original real uid. It will be needed later (uid-swapping - * may clobber the real uid). - */ - original_real_uid = getuid(); - original_effective_uid = geteuid(); - /* Get user data. */ - pw = getpwuid(original_real_uid); + pw = getpwuid(getuid()); if (!pw) { - logit("No user exists for uid %lu", (u_long)original_real_uid); + logit("No user exists for uid %lu", (u_long)getuid()); exit(255); } /* Take a copy of the returned structure. */ @@ -773,7 +762,7 @@ main(int ac, char **av) options.gss_deleg_creds = 1; break; case 'i': - p = tilde_expand_filename(optarg, original_real_uid); + p = tilde_expand_filename(optarg, getuid()); if (stat(p, &st) < 0) fprintf(stderr, "Warning: Identity file %s " "not accessible: %s.\n", p, @@ -1321,8 +1310,7 @@ main(int ac, char **av) } if (options.control_path != NULL) { - cp = tilde_expand_filename(options.control_path, - original_real_uid); + cp = tilde_expand_filename(options.control_path, getuid()); free(options.control_path); options.control_path = percent_expand(cp, "C", conn_hash_hex, @@ -1450,7 +1438,7 @@ main(int ac, char **av) unsetenv(SSH_AUTHSOCKET_ENV_NAME); } else { p = tilde_expand_filename(options.identity_agent, - original_real_uid); + getuid()); cp = percent_expand(p, "d", pw->pw_dir, "h", host, @@ -2018,8 +2006,7 @@ load_public_identity_files(struct passwd *pw) options.identity_files[i] = NULL; continue; } - cp = tilde_expand_filename(options.identity_files[i], - original_real_uid); + cp = tilde_expand_filename(options.identity_files[i], getuid()); filename = percent_expand(cp, "d", pw->pw_dir, "u", pw->pw_name, "l", thishost, "h", host, "r", options.user, (char *)NULL); @@ -2070,7 +2057,7 @@ load_public_identity_files(struct passwd *pw) fatal("%s: too many certificates", __func__); for (i = 0; i < options.num_certificate_files; i++) { cp = tilde_expand_filename(options.certificate_files[i], - original_real_uid); + getuid()); filename = percent_expand(cp, "d", pw->pw_dir, "h", host, diff --git a/sshconnect.c b/sshconnect.c index 64250dab..78813c16 100644 --- a/sshconnect.c +++ b/sshconnect.c @@ -1,4 +1,4 @@ -/* $OpenBSD: sshconnect.c,v 1.303 2018/07/19 23:03:16 dtucker Exp $ */ +/* $OpenBSD: sshconnect.c,v 1.304 2018/07/27 05:34:42 dtucker Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -80,8 +80,6 @@ static pid_t proxy_command_pid = 0; /* import */ extern Options options; extern char *__progname; -extern uid_t original_real_uid; -extern uid_t original_effective_uid; static int show_other_keys(struct hostkeys *, struct sshkey *); static void warn_changed_key(struct sshkey *); |