Indeed that is the correct question, because you can easily do
#if DROPBEAR_SVR_MULTIUSER
if (getuid() != ses.authstate.pw_uid) {
setgid and setuid part
}
#endif
On Wed, Mar 10, 2021 at 11:41 AM Geoff Winkless <dropb...@ukku.uk> wrote:
>
> On Tue, 9 Mar 2021 at 15:43, Kazuo Kuroi <ka...@irixnet.org> wrote:
> > That's a good suggestion. but I suggest that if your code can't run on
> > UNIX platforms that it would need an include guard against it.
>
> I completely understand your concern.
>
> I would hope that the changes would be system-agnostic: the idea would
> merely be that if the setgroups (or indeed setuid) call fails, it
> checks if the current running user is the same as the login user and
> ignores the failure if so.
>
> It could be simplified further by just skipping all the setuid and
> setgroup code if the login user is the same as the running user, but
> I'm not sure if that would always be acceptable (there may be some
> systems where the group calls need to be made even if the users are
> the same?) so I thought it would be best to add the check after
> failure.
>
> Geoff
