diff options
| author |   markus <markus@openbsd.org> | 1999-11-15 21:05:03 +0000 |
|---|---|---|
| committer | markus <markus@openbsd.org> | 1999-11-15 21:05:03 +0000 |
| commit | 43a486494dc12f92bb087fded96b5bedda7b23ae (patch) | |
| tree | fad5b6df658975cce42986b8e9e04073bbc73cdf /usr.bin/ssh/ssh.c | |
| parent | Remove a duplicate #include. (diff) | |
| download | wireguard-openbsd-43a486494dc12f92bb087fded96b5bedda7b23ae.tar.xz wireguard-openbsd-43a486494dc12f92bb087fded96b5bedda7b23ae.zip | |
a note for legay systems about secuity issues with permanently_set_uid(),
the private hostkey and ptrace()
Diffstat (limited to 'usr.bin/ssh/ssh.c')
| -rw-r--r-- | usr.bin/ssh/ssh.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c index 6725ae0010b..97315254f35 100644 --- a/usr.bin/ssh/ssh.c +++ b/usr.bin/ssh/ssh.c @@ -18,7 +18,7 @@ Modified to work with SSL by Niels Provos <provos@citi.umich.edu> in Canada. */ #include "includes.h" -RCSID("$Id: ssh.c,v 1.29 1999/11/14 21:45:07 markus Exp $"); +RCSID("$Id: ssh.c,v 1.30 1999/11/15 21:05:03 markus Exp $"); #include "xmalloc.h" #include "ssh.h" @@ -550,6 +550,13 @@ main(int ac, char **av) them. Also, extra privileges could make it very hard to read identity files and other non-world-readable files from the user's home directory if it happens to be on a NFS volume where root is mapped to nobody. */ + + /* Note that some legacy systems need to postpone the following call to + permanently_set_uid() until the private hostkey is destroyed with + RSA_free(). Otherwise the calling user could ptrace() the process, + read the private hostkey and impersonate the host. OpenBSD does not + allow ptracing of setuid processes. */ + permanently_set_uid(original_real_uid); /* Now that we are back to our own permissions, create ~/.ssh directory |