diff options
author | des <des@FreeBSD.org> | 2016-03-11 00:15:29 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2016-03-11 00:15:29 +0000 |
commit | bb6f58c772c321121b8148fe7726de90f90e1dec (patch) | |
tree | 755a41a3dcaa10393f1e0d17469bd517b8a0989a /crypto/openssh/uidswap.c | |
parent | 0e0b4ac1f05aada737d7d2280ab40c6b06016981 (diff) | |
parent | 9169dee5c46ff1d9dfce5c97590347e20a54c84e (diff) | |
download | FreeBSD-src-bb6f58c772c321121b8148fe7726de90f90e1dec.zip FreeBSD-src-bb6f58c772c321121b8148fe7726de90f90e1dec.tar.gz |
Upgrade to OpenSSH 7.2p2.
Diffstat (limited to 'crypto/openssh/uidswap.c')
-rw-r--r-- | crypto/openssh/uidswap.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/crypto/openssh/uidswap.c b/crypto/openssh/uidswap.c index 0702e1d..8bf6b24 100644 --- a/crypto/openssh/uidswap.c +++ b/crypto/openssh/uidswap.c @@ -134,7 +134,7 @@ temporarily_use_uid(struct passwd *pw) void permanently_drop_suid(uid_t uid) { -#ifndef HAVE_CYGWIN +#ifndef NO_UID_RESTORATION_TEST uid_t old_uid = getuid(); #endif @@ -142,8 +142,14 @@ permanently_drop_suid(uid_t uid) if (setresuid(uid, uid, uid) < 0) fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); -#ifndef HAVE_CYGWIN - /* Try restoration of UID if changed (test clearing of saved uid) */ +#ifndef NO_UID_RESTORATION_TEST + /* + * Try restoration of UID if changed (test clearing of saved uid). + * + * Note that we don't do this on Cygwin, or on Solaris-based platforms + * where fine-grained privileges are available (the user might be + * deliberately allowed the right to setuid back to root). + */ if (old_uid != uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) fatal("%s: was able to restore old [e]uid", __func__); @@ -199,7 +205,7 @@ restore_uid(void) void permanently_set_uid(struct passwd *pw) { -#ifndef HAVE_CYGWIN +#ifndef NO_UID_RESTORATION_TEST uid_t old_uid = getuid(); gid_t old_gid = getgid(); #endif @@ -227,7 +233,7 @@ permanently_set_uid(struct passwd *pw) if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) fatal("setresuid %u: %.100s", (u_int)pw->pw_uid, strerror(errno)); -#ifndef HAVE_CYGWIN +#ifndef NO_UID_RESTORATION_TEST /* Try restoration of GID if changed (test clearing of saved gid) */ if (old_gid != pw->pw_gid && pw->pw_uid != 0 && (setgid(old_gid) != -1 || setegid(old_gid) != -1)) @@ -241,7 +247,7 @@ permanently_set_uid(struct passwd *pw) (u_int)pw->pw_gid); } -#ifndef HAVE_CYGWIN +#ifndef NO_UID_RESTORATION_TEST /* Try restoration of UID if changed (test clearing of saved uid) */ if (old_uid != pw->pw_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) |