summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNico Weber <thakis@chromium.org>2020-06-19 08:24:44 -0400
committerAndreas Kling <kling@serenityos.org>2020-06-19 20:34:59 +0200
commite34299a13621b51de21cbfc580dbf239a94d3c17 (patch)
tree686d7967529ecfac402314a2ea35fe631980e127
parent748ac5e01b3a367846387169d387812176b2fc72 (diff)
downloadserenity-e34299a13621b51de21cbfc580dbf239a94d3c17.zip
Ports: Remove dropbear patch that removed calls to seteuid()
This is no longer necessary now that seteuid() / setegid() is implemented.
-rw-r--r--Ports/dropbear/patches/remove-seteuid-setegid.patch96
1 files changed, 0 insertions, 96 deletions
diff --git a/Ports/dropbear/patches/remove-seteuid-setegid.patch b/Ports/dropbear/patches/remove-seteuid-setegid.patch
deleted file mode 100644
index d734033171..0000000000
--- a/Ports/dropbear/patches/remove-seteuid-setegid.patch
+++ /dev/null
@@ -1,96 +0,0 @@
-Dropbear temporarily drops privilliges to make sure the user has access
-to do various actions (e.g access its authorized_keys file).
-Serenity doesn't implement seteuid/setegid, so we can't drop privilliges and
-regain them this way (at least, not that I know it's possible).
---- a/svr-authpubkey.c.orig
-+++ b/svr-authpubkey.c
-@@ -347,25 +347,8 @@
- snprintf(filename, len + 22, "%s/.ssh/authorized_keys",
- ses.authstate.pw_dir);
-
--#if DROPBEAR_SVR_MULTIUSER
-- /* open the file as the authenticating user. */
-- origuid = getuid();
-- origgid = getgid();
-- if ((setegid(ses.authstate.pw_gid)) < 0 ||
-- (seteuid(ses.authstate.pw_uid)) < 0) {
-- dropbear_exit("Failed to set euid");
-- }
--#endif
--
- authfile = fopen(filename, "r");
-
--#if DROPBEAR_SVR_MULTIUSER
-- if ((seteuid(origuid)) < 0 ||
-- (setegid(origgid)) < 0) {
-- dropbear_exit("Failed to revert euid");
-- }
--#endif
--
- if (authfile == NULL) {
- goto out;
- }
---- a/svr-agentfwd.c.orig
-+++ b/svr-agentfwd.c
-@@ -151,17 +151,6 @@
-
- if (chansess->agentfile != NULL && chansess->agentdir != NULL) {
-
--#if DROPBEAR_SVR_MULTIUSER
-- /* Remove the dir as the user. That way they can't cause problems except
-- * for themselves */
-- uid = getuid();
-- gid = getgid();
-- if ((setegid(ses.authstate.pw_gid)) < 0 ||
-- (seteuid(ses.authstate.pw_uid)) < 0) {
-- dropbear_exit("Failed to set euid");
-- }
--#endif
--
- /* 2 for "/" and "\0" */
- len = strlen(chansess->agentdir) + strlen(chansess->agentfile) + 2;
-
-@@ -172,13 +161,6 @@
-
- rmdir(chansess->agentdir);
-
--#if DROPBEAR_SVR_MULTIUSER
-- if ((seteuid(uid)) < 0 ||
-- (setegid(gid)) < 0) {
-- dropbear_exit("Failed to revert euid");
-- }
--#endif
--
- m_free(chansess->agentfile);
- m_free(chansess->agentdir);
- }
-@@ -220,16 +202,6 @@
- gid_t gid;
- int ret = DROPBEAR_FAILURE;
-
--#if DROPBEAR_SVR_MULTIUSER
-- /* drop to user privs to make the dir/file */
-- uid = getuid();
-- gid = getgid();
-- if ((setegid(ses.authstate.pw_gid)) < 0 ||
-- (seteuid(ses.authstate.pw_uid)) < 0) {
-- dropbear_exit("Failed to set euid");
-- }
--#endif
--
- memset((void*)&addr, 0x0, sizeof(addr));
- addr.sun_family = AF_UNIX;
-
-@@ -268,12 +240,6 @@
-
-
- out:
--#if DROPBEAR_SVR_MULTIUSER
-- if ((seteuid(uid)) < 0 ||
-- (setegid(gid)) < 0) {
-- dropbear_exit("Failed to revert euid");
-- }
--#endif
- return ret;
- }
- \ No newline at end of file