diff options
| author | Ben Lindstrom <mouring@eviladmin.org> | 2002-05-15 16:17:56 +0000 |
|---|---|---|
| committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-05-15 16:17:56 +0000 |
| commit | 17401b6b772213ae466cb3ac287b4980ff9f7d0d (patch) | |
| tree | 8dde6c72117e92007bbfd4ae6f7d17eecb309b35 | |
| parent | a574cda45b5d3c3363520ef9e4aa3aaa5888c078 (diff) | |
- millert@cvs.openbsd.org 2002/05/13 15:53:19
[sshd.c]
Call setsid() in the child after sshd accepts the connection and forks.
This is needed for privsep which calls setlogin() when it changes uids.
Without this, there is a race where the login name of an existing
connection, as returned by getlogin(), may be changed to the privsep
user (sshd). markus@ OK
| -rw-r--r-- | ChangeLog | 9 | ||||
| -rw-r--r-- | sshd.c | 10 |
2 files changed, 17 insertions, 2 deletions
@@ -17,6 +17,13 @@ [auth-options.c auth.c auth.h] move the packet_send_debug handling from auth-options.c to auth.c; ok provos@ + - millert@cvs.openbsd.org 2002/05/13 15:53:19 + [sshd.c] + Call setsid() in the child after sshd accepts the connection and forks. + This is needed for privsep which calls setlogin() when it changes uids. + Without this, there is a race where the login name of an existing + connection, as returned by getlogin(), may be changed to the privsep + user (sshd). markus@ OK 20020514 - (stevesk) [README.privsep] PAM+privsep works with Solaris 8. @@ -621,4 +628,4 @@ - (stevesk) entropy.c: typo in debug message - (djm) ssh-keygen -i needs seeded RNG; report from markus@ -$Id: ChangeLog,v 1.2126 2002/05/15 16:16:14 mouring Exp $ +$Id: ChangeLog,v 1.2127 2002/05/15 16:17:56 mouring Exp $ @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.240 2002/04/23 22:16:29 djm Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.241 2002/05/13 15:53:19 millert Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -1332,6 +1332,14 @@ main(int ac, char **av) /* This is the child processing a new connection. */ /* + * Create a new session and process group since the 4.4BSD + * setlogin() affects the entire process group. We don't + * want the child to be able to affect the parent. + */ + if (setsid() < 0) + error("setsid: %.100s", strerror(errno)); + + /* * Disable the key regeneration alarm. We will not regenerate the * key since we are no longer in a position to give it to anyone. We * will not restart on SIGHUP since it no longer makes sense. |