From 258dc8bb07dfb35a46e52b0822a2c5b7027df60a Mon Sep 17 00:00:00 2001 From: "dtucker@openbsd.org" Date: Wed, 18 Jul 2018 11:34:04 +0000 Subject: upstream: Remove support for running ssh(1) setuid and fatal if attempted. Do not link uidwap.c into ssh any more. Neuters UsePrivilegedPort, which will be marked as deprecated shortly. ok markus@ djm@ OpenBSD-Commit-ID: c4ba5bf9c096f57a6ed15b713a1d7e9e2e373c42 --- uidswap.c | 33 +-------------------------------- 1 file changed, 1 insertion(+), 32 deletions(-) (limited to 'uidswap.c') diff --git a/uidswap.c b/uidswap.c index 1430b822..49f76d81 100644 --- a/uidswap.c +++ b/uidswap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: uidswap.c,v 1.40 2018/06/15 07:01:11 djm Exp $ */ +/* $OpenBSD: uidswap.c,v 1.41 2018/07/18 11:34:04 dtucker Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -135,37 +135,6 @@ temporarily_use_uid(struct passwd *pw) strerror(errno)); } -void -permanently_drop_suid(uid_t uid) -{ -#ifndef NO_UID_RESTORATION_TEST - uid_t old_uid = getuid(); -#endif - - debug("permanently_drop_suid: %u", (u_int)uid); - if (setresuid(uid, uid, uid) < 0) - fatal("setresuid %u: %.100s", (u_int)uid, strerror(errno)); - -#ifndef NO_UID_RESTORATION_TEST - /* - * Try restoration of UID if changed (test clearing of saved uid). - * - * Note that we don't do this on Cygwin, or on Solaris-based platforms - * where fine-grained privileges are available (the user might be - * deliberately allowed the right to setuid back to root). - */ - if (old_uid != uid && - (setuid(old_uid) != -1 || seteuid(old_uid) != -1)) - fatal("%s: was able to restore old [e]uid", __func__); -#endif - - /* Verify UID drop was successful */ - if (getuid() != uid || geteuid() != uid) { - fatal("%s: euid incorrect uid:%u euid:%u (should be %u)", - __func__, (u_int)getuid(), (u_int)geteuid(), (u_int)uid); - } -} - /* * Restores to the original (privileged) uid. */ -- cgit v1.2.1