Date:      Sat, 09 Nov 2002 00:57:34 +1100
From:      Damien Miller <djm@mindrot.org>
To:        Dag-Erling Smorgrav <des@ofug.org>
Cc:        Markus Friedl <markus@openbsd.org>, Alexander Leidinger <Alexander@Leidinger.net>, current@freebsd.org, openssh@openbsd.org
Subject:   Re: ssh-agent broken with pam_ssh for xdm (+ fix for ssh-agent.c)
Message-ID:  <3DCBC2CE.1030708@mindrot.org>
In-Reply-To: <20021103204902.3c6b3705.Alexander@Leidinger.net>
References:  <20021103204902.3c6b3705.Alexander@Leidinger.net>	<20021104092329.GA1677@folly> <xzpd6pkxgip.fsf@flood.ping.uio.no>	<20021105142536.GA8326@folly> <xzp4rawx9vh.fsf@flood.ping.uio.no>

Dag-Erling Smorgrav wrote:

> Markus Friedl writes:
>
> >but shouldn't it do something like
> >        seteuid(getuid());
> >        setuid(getuid());
> >executing ssh-agent?
>
> It should.  It currently uses popen(3), which doesn't.  It needs
> popen(3)-like functionality because it reads ssh-agent's output in
> order to set $SSH_AGENT_PID and $SSH_AUTH_SOCK.  Rewriting it to use
> pipe(2) + fork(2) + execve(2) so it can frob the UID after forking but
> before exec'ing is possible and desirable but not trivial.  I'll see
> what I can do later this week.

There is code in sftp.c::connect_to_server() which does something close 
to this (pipe+fork+exec w/ args), adding uid frobbage should be easy. 
Though it doesn't do all the signal handling of popen()...

-d
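
The pipe(2) + fork(2) + exec approach discussed in this message, as an added example that is not part of the original e-mail and is not code from OpenSSH or pam_ssh. `run_dropped` is a hypothetical helper; it resets the effective IDs to the real IDs in the child, as in the quoted `setuid(getuid())` suggestion, and captures the child's stdout the way popen(3) would.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run argv[0] with effective IDs reset to the real IDs,
 * capture its stdout in buf (NUL-terminated), return its exit status or -1. */
int run_dropped(char *const argv[], char *buf, size_t buflen)
{
    int fds[2], status;
    size_t used = 0;
    ssize_t n;
    pid_t pid;

    if (buflen == 0 || pipe(fds) == -1)
        return -1;
    memset(buf, 0, buflen);               /* output stays NUL-terminated */
    if ((pid = fork()) == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {                       /* child: the step popen(3) cannot do */
        close(fds[0]);
        if (fds[1] != STDOUT_FILENO) {
            if (dup2(fds[1], STDOUT_FILENO) == -1)
                _exit(126);
            close(fds[1]);
        }
        /* Group before user: after the UID drop, setgid() may be refused. */
        if (setgid(getgid()) == -1 || setuid(getuid()) == -1)
            _exit(126);
        /* Verify the drop took effect; never exec on a failed drop. */
        if (geteuid() != getuid() || getegid() != getgid())
            _exit(126);
        execv(argv[0], argv);
        _exit(127);                       /* exec failed */
    }
    close(fds[1]);                        /* parent keeps only the read end */
    while (used < buflen - 1 &&
        (n = read(fds[0], buf + used, buflen - 1 - used)) > 0)
        used += (size_t)n;
    close(fds[0]);
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```

Like the sftp.c code mentioned above, this does none of the signal handling. A caller running as root that switches to a different account would also need to set that account's supplementary groups with initgroups(3) before the `setuid` call.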

