From: Markus Friedl
To: Alexander Leidinger
Cc: current@freebsd.org, des@freebsd.org, openssh@openbsd.org
Date: Mon, 4 Nov 2002 10:23:29 +0100
Subject: Re: ssh-agent broken with pam_ssh for xdm (+ fix for ssh-agent.c)

yes, geteuid() could work, too, but why is ssh-agent running
with a privileged user id? shouldn't both the real and
effective user id be the uid of the user?

On Sun, Nov 03, 2002 at 08:49:02PM +0100, Alexander Leidinger wrote:
> Hi,
>
> [Markus: this is on FreeBSD-current with
> $OpenBSD: ssh-agent.c,v 1.105 2002/10/01 20:34:12 markus Exp $]
>
> I use pam_ssh in pam.d/xdm and after an update to today's -current, it
> doesn't add my key anymore. In /var/log/messages I see the following if
> I try a "ssh-add -l":
> ---snip---
> ssh-agent[6438]: error: uid mismatch: peer euid 1000 != uid 0
> ---snip---
>
> ssh-agent.c:after_select() contains:
> ---snip---
>         if ((euid != 0) && (getuid() != euid)) {
>                 error("uid mismatch: "
>                     "peer euid %u != uid %u",
>                     (u_int) euid, (u_int) getuid());
>                 close(sock);
>                 break;
>         }
> ---snip---
>
> As ssh_agent gets started from pam_ssh in xdm (which runs as root ->
> getuid() = 0, geteuid() = 1000), it is obvious why it doesn't work.
>
> At the moment I have this piece of code commented out, but I think this
> should get changed to use geteuid() instead of getuid(). Or did I
> misunderstand the idea behind the above code?
>
> Bye,
> Alexander.
>
> --
> Loose bits sink chips.
>
> http://www.Leidinger.net                       Alexander @ Leidinger.net
> GPG fingerprint = C518 BC70 E67F 143F BE91 3365 79E2 9C60 B006 3FE7