Date:      Thu, 07 Nov 2002 15:05:23 -0800
From:      Terry Lambert <tlambert2@mindspring.com>
To:        Damien Miller <djm@mindrot.org>
Cc:        Dag-Erling Smorgrav <des@ofug.org>, Markus Friedl <markus@openbsd.org>, Alexander Leidinger <Alexander@Leidinger.net>, current@freebsd.org, openssh@openbsd.org
Subject:   Re: ssh-agent broken with pam_ssh for xdm (+ fix for ssh-agent.c)
Message-ID:  <3DCAF1B3.1298A1@mindspring.com>
References:  <20021103204902.3c6b3705.Alexander@Leidinger.net>	<20021104092329.GA1677@folly> <xzpd6pkxgip.fsf@flood.ping.uio.no>	<20021105142536.GA8326@folly> <xzp4rawx9vh.fsf@flood.ping.uio.no> <3DCBC2CE.1030708@mindrot.org>

This is a multi-part message in MIME format.
--------------FC4A960BD48B18C001F1F810
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Damien Miller wrote:
> Dag-Erling Smorgrav wrote:
> > Markus Friedl  writes:
> > >but shouldn't it do something like
> > >        seteuid(getuid());
> > >        setuid(getuid());
> > >executing ssh-agent?
> >
> > It should.  It currently uses popen(3), which doesn't.  It needs
> > popen(3)-like functionality because it reads ssh-agent's output in
> > order to set $SSH_AGENT_PID and $SSH_AUTH_SOCK.  Rewriting it to use
> > pipe(2) + fork(2) + execve(2) so it can frob the UID after forking but
> > before exec'ing is possible and desirable but not trivial.  I'll see
> > what I can do later this week.
> 
> There is code in sftp.c::connect_to_server() which does something close
> to this (pipe+fork+exec w/ args), adding uid frobbage should be easy.
> Though it doesn't do all the signal handling of popen()...

This is such a common case, it seems to me that it should use
common code.  See attached patch, which adds an "supopen(3)" to
libc.

The man page addition to popen(3) is left as an exercise for someone who
cares...

-- Terry
--------------FC4A960BD48B18C001F1F810
Content-Type: text/plain; charset=us-ascii;
 name="supopen.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="supopen.diff"

Index: lib/libc/gen/popen.c
===================================================================
RCS file: /cvs/src/lib/libc/gen/popen.c,v
retrieving revision 1.16
diff -c -r1.16 popen.c
*** lib/libc/gen/popen.c	1 Feb 2002 01:08:48 -0000	1.16
--- lib/libc/gen/popen.c	7 Nov 2002 19:03:34 -0000
***************
*** 65,70 ****
--- 65,81 ----
  popen(command, type)
  	const char *command, *type;
  {
+ 	return( supopen( command, type, 0, 0, 0);
+ }
+ 
+ 
+ FILE *
+ supopen(command, type, set, uid, gid)
+ 	const char *command, *type;
+ 	int set;
+ 	uid_t uid;
+ 	gid_t uid;
+ {
  	struct pid *cur;
  	FILE *iop;
  	int pdes[2], pid, twoway;
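Review bot: two lines in this hunk will not compile. The new popen() body, `return( supopen( command, type, 0, 0, 0);`, is missing a closing parenthesis, and the last K&R parameter declaration of supopen() reads `gid_t uid;`, which declares uid twice and leaves gid undeclared; it should be `gid_t gid;`. A short comment above supopen() saying what `set` means (0 keeps the caller's credentials, nonzero switches to uid/gid) would also help, since the only in-tree caller passes 0, 0, 0.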
***************
*** 105,110 ****
--- 116,127 ----
  		return (NULL);
  		/* NOTREACHED */
  	case 0:				/* Child. */
+ 		if (set) {
+ 			setegid( gid);
+ 			setgid( gid);
+ 			seteuid( uid);
+ 			setuid( uid);
+ 		}
  		if (*type == 'r') {
  			/*
  			 * The _dup2() to STDIN_FILENO is repeated to avoid
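Review bot: the four calls in the `if (set)` block (setegid, setgid, seteuid, setuid) are all unchecked, so if any of them fails the child goes on to run the command with whatever credentials it still holds. Check each return value and _exit() before the dup2/exec path on failure. The block also never touches the supplementary group list, so the child keeps the parent's groups even after gid and uid change; resetting it before setgid() would close that gap.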
Index: include/stdio.h
===================================================================
RCS file: /cvs/src/include/stdio.h,v
retrieving revision 1.50
diff -c -r1.50 stdio.h
*** include/stdio.h	14 Oct 2002 11:18:21 -0000	1.50
--- include/stdio.h	7 Nov 2002 18:55:49 -0000
***************
*** 286,291 ****
--- 286,294 ----
  #if __POSIX_VISIBLE >= 199209
  int	 pclose(FILE *);
  FILE	*popen(const char *, const char *);
+ #if !defined(_ANSI_SOURCE) && !defined(_POSIX_SOURCE)
+ FILE	*supopen(const char *, const char *, int, uid_t, gid_t);
+ #endif
  #endif
  
  #if __POSIX_VISIBLE >= 199506
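Review bot: the added supopen() prototype uses uid_t and gid_t, and nothing in this hunk shows stdio.h declaring them, so a source file that includes only <stdio.h> may fail to compile. Either make sure the types are declared by the header or state the <sys/types.h> requirement. The guard `#if !defined(_ANSI_SOURCE) && !defined(_POSIX_SOURCE)` is also written in a different style from the `__POSIX_VISIBLE` tests around it; using the header's existing visibility convention would be more consistent.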

--------------FC4A960BD48B18C001F1F810--
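
The pipe(2) + fork(2) + exec sequence discussed in the quoted thread, with the credential drop checked before exec, as an added example that is not part of the original message or the attached patch. The function name `run_as_real_user` is hypothetical, the drop targets the caller's real ids as in the quoted `setuid(getuid())` suggestion, supplementary groups are left alone (resetting them needs privilege), and the command in `main` is a constructed stand-in for ssh-agent's output.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from the patch): run argv[0] under the caller's real
 * uid/gid, capture its stdout in buf, return its exit status or -1. */
int run_as_real_user(char *const argv[], char *buf, size_t buflen)
{
	int pdes[2], status;
	size_t used = 0;
	ssize_t n;
	pid_t pid;
	if (buflen == 0 || pipe(pdes) == -1)
		return (-1);
	if ((pid = fork()) == -1) {
		close(pdes[0]);
		close(pdes[1]);
		return (-1);
	}
	if (pid == 0) {			/* Child. */
		/* Group before user; never exec if the drop failed or did not take. */
		if (setgid(getgid()) == -1 || setuid(getuid()) == -1 ||
		    getegid() != getgid() || geteuid() != getuid())
			_exit(126);
		close(pdes[0]);
		if (pdes[1] != STDOUT_FILENO) {
			if (dup2(pdes[1], STDOUT_FILENO) == -1)
				_exit(126);
			close(pdes[1]);	/* no stray pipe fd in the exec'd program */
		}
		execv(argv[0], argv);
		_exit(127);		/* exec failed */
	}
	close(pdes[1]);			/* Parent: read child output until EOF. */
	while (used < buflen - 1 &&
	    (n = read(pdes[0], buf + used, buflen - 1 - used)) > 0)
		used += (size_t)n;
	buf[used] = '\0';
	close(pdes[0]);
	if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
		return (-1);
	return (WEXITSTATUS(status));
}

int main(void)
{
	char out[64];
	char *av[] = { "/bin/sh", "-c", "echo SSH_AGENT_PID=4242", NULL };	/* constructed */
	return (run_as_real_user(av, out, sizeof(out)) == 0 && strcmp(out, "SSH_AGENT_PID=4242\n") == 0) ? 0 : 1;
}
```

Exit status 126 means the credential drop or descriptor setup failed in the child and nothing was executed; 127 means the exec itself failed.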

