make ssh-agent setgid, disallow ptrace.

2 files changed, 8 insertions, 3 deletions

diff --git a/usr.bin/ssh/ssh-agent.c b/usr.bin/ssh/ssh-agent.c
index 6ed21746446..48d7ce2e413 100644
--- a/usr.bin/ssh/ssh-agent.c
+++ b/usr.bin/ssh/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include <sys/queue.h>
-RCSID("$OpenBSD: ssh-agent.c,v 1.98 2002/07/21 18:07:45 stevesk Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.99 2002/08/12 10:46:35 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -934,6 +934,10 @@ main(int ac, char **av)
 	pid_t pid;
 	char pidstrbuf[1 + 3 * sizeof pid];
 
+	/* drop */
+	setegid(getgid());
+	setgid(getgid());
+
 	SSLeay_add_all_algorithms();
 
 	while ((ch = getopt(ac, av, "cdksa:")) != -1) {
diff --git a/usr.bin/ssh/ssh-agent/Makefile b/usr.bin/ssh/ssh-agent/Makefile
index c252dbdad65..05ae43fcc8b 100644
--- a/usr.bin/ssh/ssh-agent/Makefile
+++ b/usr.bin/ssh/ssh-agent/Makefile
@@ -1,11 +1,12 @@
-#	$OpenBSD: Makefile,v 1.21 2001/06/27 19:29:16 markus Exp $
+#	$OpenBSD: Makefile,v 1.22 2002/08/12 10:46:35 markus Exp $
 
 .PATH:		${.CURDIR}/..
 
 PROG=	ssh-agent
 BINOWN=	root
+BINGRP=	_sshagnt
 
-BINMODE?=555
+BINMODE?=2555
 
 BINDIR=	/usr/bin
 MAN=	ssh-agent.1