|
@ -1,18 +1,23 @@ |
|
|
diff -u -r ../openssh-8.0p1/sshd.c ./sshd.c
|
|
|
diff -u -r ../openssh-8.1p1/sshd.c ./sshd.c
|
|
|
--- ../openssh-8.0p1/sshd.c 2019-04-17 22:52:57.000000000 +0000
|
|
|
--- ../openssh-8.1p1/sshd.c 2019-10-09 00:31:03.000000000 +0000
|
|
|
+++ ./sshd.c 2019-04-18 06:50:06.774278599 +0000
|
|
|
+++ ./sshd.c 2019-10-13 09:16:33.447856567 +0000
|
|
|
@@ -468,8 +468,10 @@
|
|
|
@@ -464,6 +464,7 @@
|
|
|
|
|
|
if (chdir("/") == -1) |
|
|
|
|
|
fatal("chdir(\"/\"): %s", strerror(errno)); |
|
|
|
|
|
|
|
|
|
|
|
+#ifndef __ANDROID__
|
|
|
|
|
|
/* Drop our privileges */ |
|
|
debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, |
|
|
debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, |
|
|
(u_int)privsep_pw->pw_gid); |
|
|
(u_int)privsep_pw->pw_gid); |
|
|
gidset[0] = privsep_pw->pw_gid; |
|
|
@@ -471,6 +472,7 @@
|
|
|
+#ifndef __ANDROID__
|
|
|
if (setgroups(1, gidset) == -1) |
|
|
if (setgroups(1, gidset) < 0) |
|
|
|
|
|
fatal("setgroups: %.100s", strerror(errno)); |
|
|
fatal("setgroups: %.100s", strerror(errno)); |
|
|
+#endif
|
|
|
|
|
|
permanently_set_uid(privsep_pw); |
|
|
permanently_set_uid(privsep_pw); |
|
|
|
|
|
+#endif
|
|
|
} |
|
|
} |
|
|
} |
|
|
} |
|
|
@@ -1444,7 +1446,8 @@
|
|
|
|
|
|
|
|
|
@@ -1442,7 +1444,8 @@
|
|
|
saved_argc = ac; |
|
|
saved_argc = ac; |
|
|
rexec_argc = ac; |
|
|
rexec_argc = ac; |
|
|
saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); |
|
|
saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); |
|
@ -22,7 +27,7 @@ diff -u -r ../openssh-8.0p1/sshd.c ./sshd.c |
|
|
saved_argv[i] = xstrdup(av[i]); |
|
|
saved_argv[i] = xstrdup(av[i]); |
|
|
saved_argv[i] = NULL; |
|
|
saved_argv[i] = NULL; |
|
|
|
|
|
|
|
|
@@ -1454,8 +1457,10 @@
|
|
|
@@ -1452,8 +1455,10 @@
|
|
|
av = saved_argv; |
|
|
av = saved_argv; |
|
|
#endif |
|
|
#endif |
|
|
|
|
|
|
|
@ -33,7 +38,7 @@ diff -u -r ../openssh-8.0p1/sshd.c ./sshd.c |
|
|
|
|
|
|
|
|
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
|
|
/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
|
|
sanitise_stdfd(); |
|
|
sanitise_stdfd(); |
|
|
@@ -1576,8 +1581,10 @@
|
|
|
@@ -1574,8 +1579,10 @@
|
|
|
} |
|
|
} |
|
|
if (rexeced_flag || inetd_flag) |
|
|
if (rexeced_flag || inetd_flag) |
|
|
rexec_flag = 0; |
|
|
rexec_flag = 0; |
|
@ -44,7 +49,7 @@ diff -u -r ../openssh-8.0p1/sshd.c ./sshd.c |
|
|
if (rexeced_flag) |
|
|
if (rexeced_flag) |
|
|
closefrom(REEXEC_MIN_FREE_FD); |
|
|
closefrom(REEXEC_MIN_FREE_FD); |
|
|
else |
|
|
else |
|
|
@@ -1696,7 +1703,9 @@
|
|
|
@@ -1694,7 +1701,9 @@
|
|
|
freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd)); |
|
|
freezero(privsep_pw->pw_passwd, strlen(privsep_pw->pw_passwd)); |
|
|
privsep_pw->pw_passwd = xstrdup("*"); |
|
|
privsep_pw->pw_passwd = xstrdup("*"); |
|
|
} |
|
|
} |
|
@ -54,7 +59,7 @@ diff -u -r ../openssh-8.0p1/sshd.c ./sshd.c |
|
|
|
|
|
|
|
|
/* load host keys */ |
|
|
/* load host keys */ |
|
|
sensitive_data.host_keys = xcalloc(options.num_host_key_files, |
|
|
sensitive_data.host_keys = xcalloc(options.num_host_key_files, |
|
|
@@ -1858,8 +1867,10 @@
|
|
|
@@ -1863,8 +1872,10 @@
|
|
|
* to create a file, and we can't control the code in every |
|
|
* to create a file, and we can't control the code in every |
|
|
* module which might be used). |
|
|
* module which might be used). |
|
|
*/ |
|
|
*/ |
|
|