authorDamien Miller <djm@mindrot.org>1999-11-16 13:37:16 +1100
committerDamien Miller <djm@mindrot.org>1999-11-16 13:37:16 +1100
commit7e8e820153a620ab1dcd81857a7de0969c41d043 (patch)
tree226cc4185feae97f4069ad60b4c18d259aa5df2f /ssh.c
parent4874c79a3a05fc18678d7a85d7091f5139630fac (diff)
- Merged OpenBSD CVS changes:
- [auth-rh-rsa.c auth-rsa.c authfd.c authfd.h hostfile.c mpaux.c] [mpaux.h ssh-add.c ssh-agent.c ssh.h ssh.c sshd.c] the keysize of rsa-parameter 'n' is passed implicitly, a few more checks and warnings about 'pretended' keysizes. - [cipher.c cipher.h packet.c packet.h sshd.c] remove support for cipher RC4 - [ssh.c] a note for legacy systems about security issues with permanently_set_uid(), the private hostkey and ptrace() - [sshconnect.c] more detailed messages about adding and checking hostkeys
Diffstat (limited to 'ssh.c')
-rw-r--r--ssh.c9
1 files changed, 8 insertions, 1 deletions
diff --git a/ssh.c b/ssh.c
index 43950f7c..08a32cc1 100644
--- a/ssh.c
+++ b/ssh.c
@@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada.
*/
#include "includes.h"
-RCSID("$Id: ssh.c,v 1.9 1999/11/15 06:10:57 damien Exp $");
+RCSID("$Id: ssh.c,v 1.10 1999/11/16 02:37:16 damien Exp $");
#include "xmalloc.h"
#include "ssh.h"
@@ -555,6 +555,13 @@ main(int ac, char **av)
them. Also, extra privileges could make it very hard to read identity
files and other non-world-readable files from the user's home directory
if it happens to be on a NFS volume where root is mapped to nobody. */
+
+ /* Note that some legacy systems need to postpone the following call to
+ permanently_set_uid() until the private hostkey is destroyed with
+ RSA_free(). Otherwise the calling user could ptrace() the process,
+ read the private hostkey and impersonate the host. OpenBSD does not
+ allow ptracing of setuid processes. */
+
permanently_set_uid(original_real_uid);
/* Now that we are back to our own permissions, create ~/.ssh directory
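Review bot: The comment added before `permanently_set_uid(original_real_uid);` records that the private host key can be read via ptrace() on some legacy systems, but the call order in this hunk is unchanged, so on those systems the key is presumably still in memory when the uid is dropped. If such platforms are supported, the drop should be deferred until after the key has been released with RSA_free(), or setuid installation should be refused there; where the key is loaded and freed is outside this hunk, so this needs checking against the rest of main(). At minimum the comment should point a porter to the spot, e.g. `/* XXX the host key is freed in <function-name placeholder>; on systems that allow ptrace() of formerly-setuid processes this call must come after it */`. main()'s body starts and ends outside the hunk.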