authordtucker <dtucker@openbsd.org>2018-07-18 11:34:04 +0000
committerdtucker <dtucker@openbsd.org>2018-07-18 11:34:04 +0000
commitbe0d4aa57315afcb114022d0e7d8dcc7a24ed94d (patch)
treed1be57b34d9dd811b1336e5aa5f3b0fb46b1df4c /usr.bin/ssh/ssh.c
parentReplace VATTR_NULL() with memset(3) in fusefs_getattr(). VATTR_NULL() (diff)
Remove support for running ssh(1) setuid and fatal if attempted.
Do not link uidswap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@
Diffstat (limited to 'usr.bin/ssh/ssh.c')
-rw-r--r--usr.bin/ssh/ssh.c40
1 files changed, 7 insertions, 33 deletions
diff --git a/usr.bin/ssh/ssh.c b/usr.bin/ssh/ssh.c
index aeaae37936a..7192be01772 100644
--- a/usr.bin/ssh/ssh.c
+++ b/usr.bin/ssh/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.486 2018/07/16 22:25:01 dtucker Exp $ */
+/* $OpenBSD: ssh.c,v 1.487 2018/07/18 11:34:04 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -94,7 +94,6 @@
#include "sshpty.h"
#include "match.h"
#include "msg.h"
-#include "uidswap.h"
#include "version.h"
#include "ssherr.h"
#include "myproposal.h"
@@ -599,22 +598,11 @@ main(int ac, char **av)
original_real_uid = getuid();
original_effective_uid = geteuid();
- /*
- * Use uid-swapping to give up root privileges for the duration of
- * option processing. We will re-instantiate the rights when we are
- * ready to create the privileged port, and will permanently drop
- * them when the port has been created (actually, when the connection
- * has been made, as we may need to create the port several times).
- */
- PRIV_END;
-
- /* If we are installed setuid root be careful to not drop core. */
- if (original_real_uid != original_effective_uid) {
- struct rlimit rlim;
- rlim.rlim_cur = rlim.rlim_max = 0;
- if (setrlimit(RLIMIT_CORE, &rlim) < 0)
- fatal("setrlimit failed: %.100s", strerror(errno));
- }
+ if (getuid() != geteuid())
+ fatal("ssh setuid not supported.");
+ if (getgid() != getegid())
+ fatal("ssh setgid not supported.");
+
/* Get user data. */
pw = getpwuid(original_real_uid);
if (!pw) {
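Review bot: The added checks call `getuid()`/`geteuid()` a second time although `original_real_uid` and `original_effective_uid` were assigned on the two lines directly above; comparing the stored values, `if (original_real_uid != original_effective_uid)`, would keep a single source for the decision. The checks also carry no comment, yet the rest of main() now relies on them, since the later hunk removes `permanently_set_uid(pw)` and nothing drops privileges afterwards. I would add `/* Refuse to run setuid/setgid: nothing below drops privileges any more. */` above them. main() starts before this hunk, so what runs ahead of the check is not visible here; the refusal should stay ahead of any option or configuration parsing.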
@@ -1414,22 +1402,8 @@ main(int ac, char **av)
L_PUBKEY(_PATH_HOST_XMSS_KEY_FILE, 9);
}
}
- /*
- * Get rid of any extra privileges that we may have. We will no
- * longer need them. Also, extra privileges could make it very hard
- * to read identity files and other non-world-readable files from the
- * user's home directory if it happens to be on a NFS volume where
- * root is mapped to nobody.
- */
- if (original_effective_uid == 0) {
- PRIV_START;
- permanently_set_uid(pw);
- }
- /*
- * Now that we are back to our own permissions, create ~/.ssh
- * directory if it doesn't already exist.
- */
+ /* Create ~/.ssh * directory if it doesn't already exist. */
if (config == NULL) {
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
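Review bot: The rewritten comment `/* Create ~/.ssh * directory if it doesn't already exist. */` keeps a stray `*` from the old multi-line comment and should read `/* Create ~/.ssh directory if it doesn't already exist. */`. The removed text explained that this step ran only after privileges had been dropped; with `permanently_set_uid(pw)` gone, the directory creation depends on the setuid/setgid refusal added earlier in main(), which the comment could say in a few words. The `if (config == NULL)` block continues past the end of the hunk.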