diff options
author | Nico Weber <thakis@chromium.org> | 2020-06-19 08:24:44 -0400 |
---|---|---|
committer | Andreas Kling <kling@serenityos.org> | 2020-06-19 20:34:59 +0200 |
commit | e34299a13621b51de21cbfc580dbf239a94d3c17 (patch) | |
tree | 686d7967529ecfac402314a2ea35fe631980e127 | |
parent | 748ac5e01b3a367846387169d387812176b2fc72 (diff) | |
download | serenity-e34299a13621b51de21cbfc580dbf239a94d3c17.zip |
Ports: Remove dropbear patch that removed calls to seteuid()
This is no longer necessary now that seteuid() / setegid()
is implemented.
-rw-r--r-- | Ports/dropbear/patches/remove-seteuid-setegid.patch | 96 |
1 files changed, 0 insertions, 96 deletions
diff --git a/Ports/dropbear/patches/remove-seteuid-setegid.patch b/Ports/dropbear/patches/remove-seteuid-setegid.patch deleted file mode 100644 index d734033171..0000000000 --- a/Ports/dropbear/patches/remove-seteuid-setegid.patch +++ /dev/null @@ -1,96 +0,0 @@ -Dropbear temporarily drops privilliges to make sure the user has access -to do various actions (e.g access its authorized_keys file). -Serenity doesn't implement seteuid/setegid, so we can't drop privilliges and -regain them this way (at least, not that I know it's possible). ---- a/svr-authpubkey.c.orig -+++ b/svr-authpubkey.c -@@ -347,25 +347,8 @@ - snprintf(filename, len + 22, "%s/.ssh/authorized_keys", - ses.authstate.pw_dir); - --#if DROPBEAR_SVR_MULTIUSER -- /* open the file as the authenticating user. */ -- origuid = getuid(); -- origgid = getgid(); -- if ((setegid(ses.authstate.pw_gid)) < 0 || -- (seteuid(ses.authstate.pw_uid)) < 0) { -- dropbear_exit("Failed to set euid"); -- } --#endif -- - authfile = fopen(filename, "r"); - --#if DROPBEAR_SVR_MULTIUSER -- if ((seteuid(origuid)) < 0 || -- (setegid(origgid)) < 0) { -- dropbear_exit("Failed to revert euid"); -- } --#endif -- - if (authfile == NULL) { - goto out; - } ---- a/svr-agentfwd.c.orig -+++ b/svr-agentfwd.c -@@ -151,17 +151,6 @@ - - if (chansess->agentfile != NULL && chansess->agentdir != NULL) { - --#if DROPBEAR_SVR_MULTIUSER -- /* Remove the dir as the user. That way they can't cause problems except -- * for themselves */ -- uid = getuid(); -- gid = getgid(); -- if ((setegid(ses.authstate.pw_gid)) < 0 || -- (seteuid(ses.authstate.pw_uid)) < 0) { -- dropbear_exit("Failed to set euid"); -- } --#endif -- - /* 2 for "/" and "\0" */ - len = strlen(chansess->agentdir) + strlen(chansess->agentfile) + 2; - -@@ -172,13 +161,6 @@ - - rmdir(chansess->agentdir); - --#if DROPBEAR_SVR_MULTIUSER -- if ((seteuid(uid)) < 0 || -- (setegid(gid)) < 0) { -- dropbear_exit("Failed to revert euid"); -- } --#endif -- - m_free(chansess->agentfile); - m_free(chansess->agentdir); - } -@@ -220,16 +202,6 @@ - gid_t gid; - int ret = DROPBEAR_FAILURE; - --#if DROPBEAR_SVR_MULTIUSER -- /* drop to user privs to make the dir/file */ -- uid = getuid(); -- gid = getgid(); -- if ((setegid(ses.authstate.pw_gid)) < 0 || -- (seteuid(ses.authstate.pw_uid)) < 0) { -- dropbear_exit("Failed to set euid"); -- } --#endif -- - memset((void*)&addr, 0x0, sizeof(addr)); - addr.sun_family = AF_UNIX; - -@@ -268,12 +240,6 @@ - - - out: --#if DROPBEAR_SVR_MULTIUSER -- if ((seteuid(uid)) < 0 || -- (setegid(gid)) < 0) { -- dropbear_exit("Failed to revert euid"); -- } --#endif - return ret; - } -
\ No newline at end of file |