From owner-freebsd-current  Thu Nov  7 15: 7:34 2002
Delivered-To: freebsd-current@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2D7E837B401
	for <current@freebsd.org>; Thu,  7 Nov 2002 15:07:31 -0800 (PST)
Received: from falcon.mail.pas.earthlink.net (falcon.mail.pas.earthlink.net [207.217.120.74])
	by mx1.FreeBSD.org (Postfix) with ESMTP id ABF2343E42
	for <current@freebsd.org>; Thu,  7 Nov 2002 15:07:30 -0800 (PST)
	(envelope-from tlambert2@mindspring.com)
Received: from pool0030.cvx40-bradley.dialup.earthlink.net ([216.244.42.30] helo=mindspring.com)
	by falcon.mail.pas.earthlink.net with esmtp (Exim 3.33 #1)
	id 189vjt-0001Ha-00; Thu, 07 Nov 2002 15:07:06 -0800
Message-ID: <3DCAF1B3.1298A1@mindspring.com>
Date: Thu, 07 Nov 2002 15:05:23 -0800
From: Terry Lambert <tlambert2@mindspring.com>
X-Mailer: Mozilla 4.79 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Damien Miller <djm@mindrot.org>
Cc: Dag-Erling Smorgrav <des@ofug.org>,
	Markus Friedl <markus@openbsd.org>,
	Alexander Leidinger <Alexander@Leidinger.net>, current@freebsd.org,
	openssh@openbsd.org
Subject: Re: ssh-agent broken with pam_ssh for xdm (+ fix for ssh-agent.c)
References: <20021103204902.3c6b3705.Alexander@Leidinger.net>	<20021104092329.GA1677@folly> <xzpd6pkxgip.fsf@flood.ping.uio.no>	<20021105142536.GA8326@folly> <xzp4rawx9vh.fsf@flood.ping.uio.no> <3DCBC2CE.1030708@mindrot.org>
Content-Type: multipart/mixed;
 boundary="------------FC4A960BD48B18C001F1F810"
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-current.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-current>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-current>
X-Loop: FreeBSD.ORG

This is a multi-part message in MIME format.
--------------FC4A960BD48B18C001F1F810
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Damien Miller wrote:
> Dag-Erling Smorgrav wrote:
> > Markus Friedl  writes:
> > >but shouldn't it do something like
> > >        seteuid(getuid());
> > >        setuid(getuid());
> > >executing ssh-agent?
> >
> > It should.  It currently uses popen(3), which doesn't.  It needs
> > popen(3)-like functionality because it reads ssh-agent's output in
> > order to set $SSH_AGENT_PID and $SSH_AUTH_SOCK.  Rewriting it to use
> > pipe(2) + fork(2) + execve(2) so it can frob the UID after forking but
> > before exec'ing is possible and desirable but not trivial.  I'll see
> > what I can do later this week.
> 
> There is code in sftp.c::connect_to_server() which does something close
> to this (pipe+fork+exec w/ args), adding uid frobbage should be easy.
> Though it doesn't do all the signal handling of popen()...

This is such a common case, it seems to me that it should use
common code.  See attached patch, which adds an "supopen(3)" to
libc.

The man page addition to popen(3) is left as an exercise for someone who
cares...

-- Terry
--------------FC4A960BD48B18C001F1F810
Content-Type: text/plain; charset=us-ascii;
 name="supopen.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="supopen.diff"

Index: lib/libc/gen/popen.c
===================================================================
RCS file: /cvs/src/lib/libc/gen/popen.c,v
retrieving revision 1.16
diff -c -r1.16 popen.c
*** lib/libc/gen/popen.c	1 Feb 2002 01:08:48 -0000	1.16
--- lib/libc/gen/popen.c	7 Nov 2002 19:03:34 -0000
***************
*** 65,70 ****
--- 65,81 ----
  popen(command, type)
  	const char *command, *type;
  {
+ 	return( supopen( command, type, 0, 0, 0);
+ }
+ 
+ 
+ FILE *
+ supopen(command, type, set, uid, gid)
+ 	const char *command, *type;
+ 	int set;
+ 	uid_t uid;
+ 	gid_t uid;
+ {
  	struct pid *cur;
  	FILE *iop;
  	int pdes[2], pid, twoway;
***************
*** 105,110 ****
--- 116,127 ----
  		return (NULL);
  		/* NOTREACHED */
  	case 0:				/* Child. */
+ 		if (set) {
+ 			setegid( gid);
+ 			setgid( gid);
+ 			seteuid( uid);
+ 			setuid( uid);
+ 		}
  		if (*type == 'r') {
  			/*
  			 * The _dup2() to STDIN_FILENO is repeated to avoid
Index: include/stdio.h
===================================================================
RCS file: /cvs/src/include/stdio.h,v
retrieving revision 1.50
diff -c -r1.50 stdio.h
*** include/stdio.h	14 Oct 2002 11:18:21 -0000	1.50
--- include/stdio.h	7 Nov 2002 18:55:49 -0000
***************
*** 286,291 ****
--- 286,294 ----
  #if __POSIX_VISIBLE >= 199209
  int	 pclose(FILE *);
  FILE	*popen(const char *, const char *);
+ #if !defined(_ANSI_SOURCE) && !defined(_POSIX_SOURCE)
+ FILE	*supopen(const char *, const char *, int, uid_t, gid_t);
+ #endif
  #endif
  
  #if __POSIX_VISIBLE >= 199506

--------------FC4A960BD48B18C001F1F810--


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message