Hi
I appreciate that there's an compile-time option
DROPBEAR_SVR_MULTIUSER=0 to skip the setuid/gid sections, but can I
make a humble suggestion that we fail gracefully if someone* runs a
dropbear that _doesn't_ have that option configured on a linux kernel
that's compiled single-user.
*Not me, of course, I would obviously never do anything that stupid...
The idea being, if you're running as root and logging in as root, it
shouldn't matter if the setuid stuff fails, so for example In
svr-chansession.c, something like:
/* We can only change uid/gid as root ... */
if (getuid() == 0) {
- if ((setgid(ses.authstate.pw_gid) < 0) ||
+ if ((setgid(ses.authstate.pw_gid) < 0 &&
ses.authstate.pw_uid != 0) ||
(initgroups(ses.authstate.pw_name,
ses.authstate.pw_gid) < 0)) {
dropbear_exit("Error changing user group");
}
- if (setuid(ses.authstate.pw_uid) < 0 &&
ses.authstate.pw_uid != 0) {
+ if (setuid(ses.authstate.pw_uid) < 0 &&
ses.authstate.pw_uid != 0) {
dropbear_exit("Error changing user");
}
} else {
There are a few other places (probably everywhere where SVR_MULTIUSER
is checked, I suppose) where the same principle could be applied.
Geoff
