Re: ssh-agent broken with pam_ssh for xdm (+ fix for ssh-agent.c)

Thu, 07 Nov 2002 15:09:07 -0800 

Damien Miller wrote:
> Dag-Erling Smorgrav wrote:
> > Markus Friedl  writes:
> > >but shouldn't it do something like
> > >        seteuid(getuid());
> > >        setuid(getuid());
> > >executing ssh-agent?
> >
> > It should.  It currently uses popen(3), which doesn't.  It needs
> > popen(3)-like functionality because it reads ssh-agent's output in
> > order to set $SSH_AGENT_PID and $SSH_AUTH_SOCK.  Rewriting it to use
> > pipe(2) + fork(2) + execve(2) so it can frob the UID after forking but
> > before exec'ing is possible and desirable but not trivial.  I'll see
> > what I can do later this week.
> 
> There is code in sftp.c::connect_to_server() which does something close
> to this (pipe+fork+exec w/ args), adding uid frobbage should be easy.
> Though it doesn't do all the signal handling of popen()...

This is such a common case, it seems to me that it should use
common code.  See attached patch, which adds an "supopen(3)" to
libc.

The man page addition to popen(3) is left as an exercise for someone who
cares...

-- Terry
Index: lib/libc/gen/popen.c
===================================================================
RCS file: /cvs/src/lib/libc/gen/popen.c,v
retrieving revision 1.16
diff -c -r1.16 popen.c
*** lib/libc/gen/popen.c        1 Feb 2002 01:08:48 -0000       1.16
--- lib/libc/gen/popen.c        7 Nov 2002 19:03:34 -0000
***************
*** 65,70 ****
--- 65,81 ----
  popen(command, type)
        const char *command, *type;
  {
+       return( supopen( command, type, 0, 0, 0);
+ }
+ 
+ 
+ FILE *
+ supopen(command, type, set, uid, gid)
+       const char *command, *type;
+       int set;
+       uid_t uid;
+       gid_t uid;
+ {
        struct pid *cur;
        FILE *iop;
        int pdes[2], pid, twoway;
***************
*** 105,110 ****
--- 116,127 ----
                return (NULL);
                /* NOTREACHED */
        case 0:                         /* Child. */
+               if (set) {
+                       setegid( gid);
+                       setgid( gid);
+                       seteuid( uid);
+                       setuid( uid);
+               }
                if (*type == 'r') {
                        /*
                         * The _dup2() to STDIN_FILENO is repeated to avoid
Index: include/stdio.h
===================================================================
RCS file: /cvs/src/include/stdio.h,v
retrieving revision 1.50
diff -c -r1.50 stdio.h
*** include/stdio.h     14 Oct 2002 11:18:21 -0000      1.50
--- include/stdio.h     7 Nov 2002 18:55:49 -0000
***************
*** 286,291 ****
--- 286,294 ----
  #if __POSIX_VISIBLE >= 199209
  int    pclose(FILE *);
  FILE  *popen(const char *, const char *);
+ #if !defined(_ANSI_SOURCE) && !defined(_POSIX_SOURCE)
+ FILE  *supopen(const char *, const char *, int, uid_t, gid_t);
+ #endif
  #endif
  
  #if __POSIX_VISIBLE >= 199506

Reply via email to