Date: Tue, 05 Nov 2002 15:01:02 +0100 From: Dag-Erling Smorgrav <des@ofug.org> To: Markus Friedl <markus@openbsd.org> Cc: Alexander Leidinger <Alexander@Leidinger.net>, current@freebsd.org, openssh@openbsd.org Subject: Re: ssh-agent broken with pam_ssh for xdm (+ fix for ssh-agent.c) Message-ID: <xzpd6pkxgip.fsf@flood.ping.uio.no> In-Reply-To: <20021104092329.GA1677@folly> (Markus Friedl's message of "Mon, 4 Nov 2002 10:23:29 %2B0100") References: <20021103204902.3c6b3705.Alexander@Leidinger.net> <20021104092329.GA1677@folly>
next in thread | previous in thread | raw e-mail | index | archive | help
Markus Friedl <markus@openbsd.org> writes: > yes, geteuid() could work, too, but why is ssh-agent running > with a privileged user id? shouldn't both the real and > effective user id be the uid of the user? ssh-agent is started by pam_ssh which is run under xdm's uid (i.e. 0). It switches to the user's egid and euid before starting ssh-agent. FreeBSD's execve() does not change the real user id (I don't think POSIX allows it) so ssh-agent has real user-id 0. It should do setuid(geteuid()) early on to guard against this. Alternatively, pam_ssh could use a home-grown privilege-dropping popen() instead of libc's popen() to start ssh-agent. DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?xzpd6pkxgip.fsf>