From: Markus Friedl
To: Dag-Erling Smorgrav
Cc: Alexander Leidinger, current@freebsd.org, openssh@openbsd.org
Date: Tue, 5 Nov 2002 15:25:36 +0100
Subject: Re: ssh-agent broken with pam_ssh for xdm (+ fix for ssh-agent.c)

On Tue, Nov 05, 2002 at 03:01:02PM +0100, Dag-Erling Smorgrav wrote:
> Markus Friedl writes:
> > yes, geteuid() could work, too, but why is ssh-agent running
> > with a privileged user id? shouldn't both the real and
> > effective user id be the uid of the user?
>
> ssh-agent is started by pam_ssh which is run under xdm's uid (i.e. 0).
> It switches to the user's egid and euid before starting ssh-agent.

but shouldn't it do something like
	seteuid(getuid());
	setuid(getuid());
executing ssh-agent?

> FreeBSD's execve() does not change the real user id (I don't think
> POSIX allows it) so ssh-agent has real user-id 0. It should do
> setuid(geteuid()) early on to guard against this. Alternatively,
> pam_ssh could use a home-grown privilege-dropping popen() instead of
> libc's popen() to start ssh-agent.
>
> DES
> --
> Dag-Erling Smorgrav - des@ofug.org
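
The early guard discussed in this message, where the exec'd program sheds an inherited real uid before doing anything else, as an added C example (not code from ssh-agent, pam_ssh or either poster). It uses setreuid()/setregid() rather than the setuid(geteuid()) named in the thread, because setuid() by an unprivileged caller changes only the effective uid on Linux; drop_to_effective_ids and has_split_ids are hypothetical names.

```c
#define _XOPEN_SOURCE 700   /* for setreuid()/setregid() */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (not from ssh-agent or pam_ssh): make the current
 * effective uid/gid the real and saved ids too, then prove the old ids
 * cannot be regained. Returns 0 on success, -1 if any step fails.
 */
int drop_to_effective_ids(void)
{
    uid_t old_ruid = getuid(), uid = geteuid();
    gid_t old_rgid = getgid(), gid = getegid();

    /* Group first: once the uid is changed we may lack the right to do it. */
    if (setregid(gid, gid) != 0 || setreuid(uid, uid) != 0)
        return -1;

    /* Real and effective ids must now both equal the target. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;

    /* A non-root process must be unable to get its old real ids back;
     * success here would mean a saved id survived the drop. */
    if (uid != 0) {
        if (old_ruid != uid && (setuid(old_ruid) == 0 || seteuid(old_ruid) == 0))
            return -1;
        if (old_rgid != gid && (setgid(old_rgid) == 0 || setegid(old_rgid) == 0))
            return -1;
    }
    return 0;
}

/* 1 if the real uid/gid differs from the effective one (the state
 * ssh-agent was left in: real uid 0, effective uid the user's). */
int has_split_ids(void)
{
    return getuid() != geteuid() || getgid() != getegid();
}

int main(void)
{
    printf("split ids before: %d\n", has_split_ids());
    if (drop_to_effective_ids() != 0)
        return 1;               /* refuse to run with unverified ids */
    printf("ruid=%ld euid=%ld\n", (long)getuid(), (long)geteuid());
    return 0;
}
```

Supplementary groups are left untouched here: setgroups() needs privilege, so the parent has to set them before it gives up euid 0.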