diff options
author | djm <djm> | 2008-03-07 07:31:24 +0000 |
---|---|---|
committer | djm <djm> | 2008-03-07 07:31:24 +0000 |
commit | d6ff65b4332e3ee0ff49d06221393c315927db04 (patch) | |
tree | 12ca823005b41bae1a9fb3c370361222a3a48101 /sshd.c | |
parent | 2ec646b339caf583b985c5bd5f9637b17d5a1a76 (diff) | |
download | openssh-d6ff65b4332e3ee0ff49d06221393c315927db04.tar.gz |
- djm@cvs.openbsd.org 2008/02/13 22:38:17
[servconf.h session.c sshd.c]
rekey arc4random and OpenSSL RNG in postauth child
closefrom fds > 2 before shell/command execution
ok markus@
Diffstat (limited to 'sshd.c')
-rw-r--r-- | sshd.c | 13 |
1 files changed, 11 insertions, 2 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: sshd.c,v 1.353 2007/12/31 15:27:04 dtucker Exp $ */ +/* $OpenBSD: sshd.c,v 1.354 2008/02/13 22:38:17 djm Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland @@ -585,11 +585,12 @@ privsep_preauth_child(void) { u_int32_t rnd[256]; gid_t gidset[1]; - int i; + u_int i; /* Enable challenge-response authentication for privilege separation */ privsep_challenge_enable(); + arc4random_stir(); for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); @@ -664,6 +665,9 @@ privsep_preauth(Authctxt *authctxt) static void privsep_postauth(Authctxt *authctxt) { + u_int32_t rnd[256]; + u_int i; + #ifdef DISABLE_FD_PASSING if (1) { #else @@ -695,6 +699,11 @@ privsep_postauth(Authctxt *authctxt) /* Demote the private keys to public keys. */ demote_sensitive_data(); + arc4random_stir(); + for (i = 0; i < 256; i++) + rnd[i] = arc4random(); + RAND_seed(rnd, sizeof(rnd)); + /* Drop privileges */ do_setusercontext(authctxt->pw); |