On Wed, 10 Mar 2021 at 12:14, Hans Harder wrote:
> Indeed that is the correct question, because you can easily do
>
> #if DROPBEAR_SVR_MULTIUSER
>if (getuid() != ses.authstate.pw_uid) {
> setgid and setuid part
>}
> #endif
Well yes, if you're confident that setgid() and
Indeed that is the correct question, because you can easily do
#if DROPBEAR_SVR_MULTIUSER
if (getuid() != ses.authstate.pw_uid) {
setgid and setuid part
}
#endif
On Wed, Mar 10, 2021 at 11:41 AM Geoff Winkless wrote:
>
> On Tue, 9 Mar 2021 at 15:43, Kazuo Kuroi wrote:
> >
On Tue, 9 Mar 2021 at 15:43, Kazuo Kuroi wrote:
> That's a good suggestion. but I suggest that if your code can't run on
> UNIX platforms that it would need an include guard against it.
I completely understand your concern.
I would hope that the changes would be system-agnostic: the idea would
Hello Geoff,
That's a good suggestion. but I suggest that if your code can't run on
UNIX platforms that it would need an include guard against it. Matt has
taken a lot of time to ensure this not only runs on proprietary old C
compilers, but also on older OSes where OpenSSH is not a good
Hi
I appreciate that there's an compile-time option
DROPBEAR_SVR_MULTIUSER=0 to skip the setuid/gid sections, but can I
make a humble suggestion that we fail gracefully if someone* runs a
dropbear that _doesn't_ have that option configured on a linux kernel
that's compiled single-user.
*Not me,