Репозитории ALT
S: | 9.4p1-alt1 |
5.1: | 5.3p1-alt1 |
4.1: | 5.0p1-alt3 |
4.0: | 5.0p1-alt3 |
+updates: | 4.7p1-alt1 |
3.0: | 3.6.1p2-alt6 |
Группа :: Сети/Удалённый доступ
Пакет: openssh
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: openssh-3.6.1p1-owl-drop-groups.patch
Скачать
Скачать
diff -ur openssh-3.6.1p1.orig/sshd.c openssh-3.6.1p1/sshd.c
--- openssh-3.6.1p1.orig/sshd.c Mon Mar 10 00:38:10 2003
+++ openssh-3.6.1p1/sshd.c Mon Apr 7 14:35:30 2003
@@ -533,7 +533,7 @@
privsep_preauth_child(void)
{
u_int32_t rnd[256];
- gid_t gidset[1];
+ gid_t gidset[2];
struct passwd *pw;
int i;
@@ -564,12 +564,12 @@
debug3("privsep user:group %u:%u", (u_int)pw->pw_uid,
(u_int)pw->pw_gid);
#if 0
- /* XXX not ready, to heavy after chroot */
+ /* XXX not ready, too heavy after chroot */
do_setusercontext(pw);
#else
- gidset[0] = pw->pw_gid;
+ gidset[0] = gidset[1] = pw->pw_gid;
if (setgid(pw->pw_gid) < 0)
- fatal("setgid failed for %u", pw->pw_gid );
+ fatal("setgid failed for %u", pw->pw_gid);
if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno));
permanently_set_uid(pw);
@@ -1081,8 +1081,15 @@
* to create a file, and we can't control the code in every
* module which might be used).
*/
- if (setgroups(0, NULL) < 0)
- debug("setgroups() failed: %.200s", strerror(errno));
+ if (geteuid() == 0 && setgroups(0, NULL) != 0)
+#ifndef USE_PAM
+ /*
+ * We can ignore the lack of support for having no supplementary
+ * groups at all if don't use PAM.
+ */
+ if (errno != EINVAL)
+#endif
+ fatal("setgroups: %.200s", strerror(errno));
/* Initialize the log (it is reinitialized below in case we forked). */
if (debug_flag && !inetd_flag)