

10 years ago
Avoid calling setgroups(2).
Hardcode and do not require absolute path.
diff -u -r ../openssh-7.2p1/sshd.c ./sshd.c
--- ../openssh-7.2p1/sshd.c 2016-02-25 22:40:04.000000000 -0500
+++ ./sshd.c 2016-02-29 02:36:00.863344328 -0500
@@ -644,8 +644,10 @@
debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
(u_int)privsep_pw->pw_gid);
gidset[0] = privsep_pw->pw_gid;
+#ifndef __ANDROID__
if (setgroups(1, gidset) < 0)
fatal("setgroups: %.100s", strerror(errno));
+#endif
permanently_set_uid(privsep_pw);
}
}
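Review bot: Compiling out `setgroups(1, gidset)` with `#ifndef __ANDROID__` leaves the pre-auth child holding whatever supplementary groups the parent had when `permanently_set_uid(privsep_pw)` runs. That is harmless when sshd runs as an unprivileged app user, but if this branch is ever reached with root privileges on Android, the group drop is silently skipped. If the call can succeed there, a runtime test keeps the drop in place, e.g. `if (geteuid() == 0 && setgroups(1, gidset) < 0)`; otherwise a comment above the guard should state why the call is excluded. The same compile-time guard is applied to the `setgroups(0, NULL)` calls in the hunks at -1497 and -1948. The enclosing block starts outside this hunk, so the condition under which this code runs is not visible here.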
@@ -1487,7 +1489,8 @@
saved_argc = ac;
rexec_argc = ac;
saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
- for (i = 0; i < ac; i++)
+ saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd";
+ for (i = 1; i < ac; i++)
saved_argv[i] = xstrdup(av[i]);
saved_argv[i] = NULL;
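Review bot: With `ac == 0` the new code writes one element past the allocation. `saved_argv` is sized `ac + 1`, slot 0 now takes the hardcoded path, the loop starting at `i = 1` does not run, and `saved_argv[i] = NULL` then stores to index 1. Sizing the vector for at least one argument avoids this: `saved_argv = xcalloc((ac < 1 ? 1 : ac) + 1, sizeof(*saved_argv));`. Slot 0 is also a string literal while the other slots are `xstrdup` copies, so `saved_argv[0] = xstrdup("@TERMUX_PREFIX@/bin/sshd");` would keep ownership uniform for any code that frees or rewrites the vector. The enclosing function starts and ends outside this hunk.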
@@ -1497,8 +1500,10 @@
av = saved_argv;
#endif
+#ifndef __ANDROID__
if (geteuid() == 0 && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
+#endif
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
sanitise_stdfd();
@@ -1628,8 +1633,6 @@
}
if (rexeced_flag || inetd_flag)
rexec_flag = 0;
- if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
- fatal("sshd re-exec requires execution with an absolute path");
if (rexeced_flag)
closefrom(REEXEC_MIN_FREE_FD);
else
@@ -1764,7 +1767,9 @@
free(privsep_pw->pw_passwd);
privsep_pw->pw_passwd = xstrdup("*");
}
+#ifndef __ANDROID__
endpwent();
+#endif
/* load host keys */
sensitive_data.host_keys = xcalloc(options.num_host_key_files,
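Review bot: The `#ifndef __ANDROID__` around `endpwent()` has no comment saying why the call is excluded, and unlike the setgroups guards it is not covered by the commit message. A one-line reason above the guard would do, for example `/* endpwent() is not usable with the Android libc this port targets */` if that is the cause. The enclosing function starts and ends outside this hunk.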
@@ -1948,8 +1953,10 @@
* to create a file, and we can't control the code in every
* module which might be used).
*/
+#ifndef __ANDROID__
if (setgroups(0, NULL) < 0)
debug("setgroups() failed: %.200s", strerror(errno));
+#endif
if (rexec_flag) {
rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));