Hi I appreciate that there's an compile-time option DROPBEAR_SVR_MULTIUSER=0 to skip the setuid/gid sections, but can I make a humble suggestion that we fail gracefully if someone* runs a dropbear that _doesn't_ have that option configured on a linux kernel that's compiled single-user.
*Not me, of course, I would obviously never do anything that stupid... The idea being, if you're running as root and logging in as root, it shouldn't matter if the setuid stuff fails, so for example In svr-chansession.c, something like: /* We can only change uid/gid as root ... */ if (getuid() == 0) { - if ((setgid(ses.authstate.pw_gid) < 0) || + if ((setgid(ses.authstate.pw_gid) < 0 && ses.authstate.pw_uid != 0) || (initgroups(ses.authstate.pw_name, ses.authstate.pw_gid) < 0)) { dropbear_exit("Error changing user group"); } - if (setuid(ses.authstate.pw_uid) < 0 && ses.authstate.pw_uid != 0) { + if (setuid(ses.authstate.pw_uid) < 0 && ses.authstate.pw_uid != 0) { dropbear_exit("Error changing user"); } } else { There are a few other places (probably everywhere where SVR_MULTIUSER is checked, I suppose) where the same principle could be applied. Geoff