Message-ID: <3DCBC2CE.1030708@mindrot.org>
Date: Sat, 09 Nov 2002 00:57:34 +1100
From: Damien Miller
To: Dag-Erling Smorgrav
Cc: Markus Friedl, Alexander Leidinger, current@freebsd.org, openssh@openbsd.org
Subject: Re: ssh-agent broken with pam_ssh for xdm (+ fix for ssh-agent.c)
References: <20021103204902.3c6b3705.Alexander@Leidinger.net> <20021104092329.GA1677@folly> <20021105142536.GA8326@folly>
In-Reply-To: <20021103204902.3c6b3705.Alexander@Leidinger.net>

Dag-Erling Smorgrav wrote:

> Markus Friedl writes:
>
> >but shouldn't it do something like
> >	seteuid(getuid());
> >	setuid(getuid());
> >executing ssh-agent?
> >
> It should.  It currently uses popen(3), which doesn't.  It needs
> popen(3)-like functionality because it reads ssh-agent's output in
> order to set $SSH_AGENT_PID and $SSH_AUTH_SOCK.  Rewriting it to use
> pipe(2) + fork(2) + execve(2) so it can frob the UID after forking but
> before exec'ing is possible and desirable but not trivial.  I'll see
> what I can do later this week.

There is code in sftp.c::connect_to_server() which does something close
to this (pipe+fork+exec w/ args), adding uid frobbage should be easy.
Though it doesn't do all the signal handling of popen()...

-d