diff options
author | Damien Miller <djm@mindrot.org> | 2000-11-25 10:09:32 +1100 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2000-11-25 10:09:32 +1100 |
commit | d592b632968fbec154c81b93c99b283200b257b6 (patch) | |
tree | 71ca03cc13c1871946c317662d77dacbc5e37d02 /entropy.c | |
parent | 14920293713ff4a5bbe45b495694bfd925d73894 (diff) |
give up privs when reading seed file
Diffstat (limited to 'entropy.c')
-rw-r--r-- | entropy.c | 14 |
1 files changed, 13 insertions, 1 deletions
@@ -35,7 +35,7 @@ # include <floatingpoint.h> #endif /* HAVE_FLOATINGPOINT_H */ -RCSID("$Id: entropy.c,v 1.21 2000/10/16 09:13:43 djm Exp $"); +RCSID("$Id: entropy.c,v 1.22 2000/11/24 23:09:32 djm Exp $"); #ifndef offsetof # define offsetof(type, member) ((size_t) &((type *)0)->member) @@ -798,7 +798,10 @@ seed_rng(void) void init_rng(void) { + int original_euid; + original_uid = getuid(); + original_euid = geteuid(); /* Read in collection commands */ if (!prng_read_commands(SSH_PRNG_COMMAND_FILE)) @@ -806,7 +809,16 @@ void init_rng(void) /* Set ourselves up to save a seed upon exit */ prng_seed_saved = 0; + + /* Give up privs while reading seed file */ + if ((original_uid != original_euid) && (seteuid(original_uid) == -1)) + fatal("Couldn't give up privileges"); + prng_read_seedfile(); + + if ((original_uid != original_euid) && (seteuid(original_euid) == -1)) + fatal("Couldn't restore privileges"); + fatal_add_cleanup(prng_seed_cleanup, NULL); atexit(prng_write_seedfile); |