[PATCH]: uidswap.c: Drop uid 0 check on Cygwin



02-19-2005
Corinna Vinschen

Hi,

the below patch drops another test for uid 0 on Cygwin. It's embarrassing
that I never found it. Actually temporarily_use_uid never worked on
Cygwin due to that.

So far that had no influence, but now that we have activated another
feature which makes Cygwin more POSIX-like, somebody on the Cygwin list
found that agent forwarding didn't work anymore. The reason is that
due to the uid == 0 check in temporarily_use_uid, the user account
is not temporarily switched before creating the forwarded agent socket,
which then is owned by the account running sshd instead of the account
which is going to log in.

The below patch fixes that. Could somebody please check it in?

I guess I asked this question already at least twice, but would it
hurt OpenSSH badly if it would drop the tests for uid == 0 and instead
call a function which checks the current account for being a privileged
account? This could be very simple on most UNIX derivatives like this:

#include <unistd.h>

/* Return non-zero if the current account is privileged. */
int
privileged_user ()
{
	return geteuid () == 0;
}

and much more complicated on systems needing that. On Cygwin we could
check for the SE_CREATE_TOKEN_NAME privilege in the current access token
on NT and just return 1 on 9x systems.

The advantage would be that we could remove lots of #ifdef stuff which
is just there because of these non-portable uid == 0 tests.

I would be willing to submit a patch for this, provided that it has a
chance for inclusion.


Corinna


Index: uidswap.c
================================================== =================
RCS file: /cvs/openssh_cvs/uidswap.c,v
retrieving revision 1.45
diff -p -u -r1.45 uidswap.c
--- uidswap.c 19 Oct 2004 06:33:33 -0000 1.45
+++ uidswap.c 19 Feb 2005 10:33:38 -0000
@@ -56,10 +56,12 @@ temporarily_use_uid(struct passwd *pw)
debug("temporarily_use_uid: %u/%u (e=%u/%u)",
(u_int)pw->pw_uid, (u_int)pw->pw_gid,
(u_int)saved_euid, (u_int)saved_egid);
+#ifndef HAVE_CYGWIN
if (saved_euid != 0) {
privileged = 0;
return;
}
+#endif
#else
if (geteuid() != 0) {
privileged = 0;
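Review bot: the #ifndef HAVE_CYGWIN added around the saved_euid != 0 early return carries no comment explaining why Cygwin skips the test, and it leaves the Cygwin build with no privilege test at all at this point. Please add a one-line comment there saying that the privileged account on Cygwin does not have uid 0, and make sure the switch that follows fails cleanly when the calling account is not allowed to change user. The geteuid() != 0 test in the #else branch shown in the trailing context is not guarded, so a Cygwin build that compiles that branch would still return early; guard it as well or say why it cannot be reached.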


--
Corinna Vinschen
Cygwin Project Co-Leader
Red Hat, Inc.

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev
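
The ownership problem described in the message above comes from the fact that a Unix-domain socket file is owned by the effective uid in force when bind() is called. The following is an added example, not part of the original post and not OpenSSH code; the function names and the socket path are hypothetical, and only the uid is switched (group handling is left out).

```c
/* Added example; function names and paths are hypothetical, not OpenSSH code. */
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Bind a Unix-domain socket at path; return the uid owning the socket file,
 * or (uid_t)-1 on error. The file is removed again before returning. */
static uid_t
bind_and_get_owner(const char *path)
{
	struct sockaddr_un sa;
	struct stat st;
	uid_t owner = (uid_t)-1;
	int fd;

	if (strlen(path) >= sizeof(sa.sun_path))
		return owner;
	if ((fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
		return owner;
	memset(&sa, 0, sizeof(sa));
	sa.sun_family = AF_UNIX;
	memcpy(sa.sun_path, path, strlen(path));	/* length checked above */
	if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
		if (lstat(path, &st) == 0)
			owner = st.st_uid;
		unlink(path);
	}
	close(fd);
	return owner;
}

/* Create the socket as target_uid and report who owns it. If the euid
 * cannot be switched, fail instead of creating it under the wrong account. */
uid_t
socket_owner_for_user(uid_t target_uid, const char *path)
{
	uid_t saved = geteuid(), owner;

	if (saved != target_uid && seteuid(target_uid) != 0)
		return (uid_t)-1;
	owner = bind_and_get_owner(path);	/* owner follows the euid at bind() */
	if (geteuid() != saved && seteuid(saved) != 0)
		return (uid_t)-1;
	return owner;
}
```

Comparing the returned owner with the uid of the account that is logging in is the check that would have caught the skipped switch.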