On Tue, Nov 05, 2002 at 03:01:02PM +0100, Dag-Erling Smorgrav wrote:
> Markus Friedl <[EMAIL PROTECTED]> writes:
> > yes, geteuid() could work, too, but why is ssh-agent running
> > with a privileged user id? shouldn't both the real and
> > effective user id be the uid of the user?
>
> ssh-agent is started by pam_ssh which is run under xdm's uid (i.e. 0).
> It switches to the user's egid and euid before starting ssh-agent.
but shouldn't it do something like
seteuid(getuid());
setuid(getuid());
executing ssh-agent?
> FreeBSD's execve() does not change the real user id (I don't think
> POSIX allows it) so ssh-agent has real user-id 0. It should do
> setuid(geteuid()) early on to guard against this. Alternatively,
> pam_ssh could use a home-grown privilege-dropping popen() instead of
> libc's popen() to start ssh-agent.
>
> DES
> --
> Dag-Erling Smorgrav - [EMAIL PROTECTED]
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
