2010-11-24 06:49:04 +00:00
|
|
|
diff -up pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c
|
|
|
|
--- pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c.seteuid 2010-09-08 08:54:29.000000000 +0200
|
|
|
|
+++ pam_ssh_agent_auth-0.9.2/iterate_ssh_agent_keys.c 2010-11-22 08:38:05.000000000 +0100
|
|
|
|
@@ -131,13 +131,18 @@ ssh_get_authentication_socket_for_uid(ui
|
|
|
|
}
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
- seteuid(uid); /* To ensure a race condition is not used to circumvent the stat
|
|
|
|
- above, we will temporarily drop UID to the caller */
|
|
|
|
+ /* To ensure a race condition is not used to circumvent the stat
|
|
|
|
+ above, we will temporarily drop UID to the caller */
|
|
|
|
+ if (seteuid(uid) == -1) {
|
|
|
|
+ close(sock);
|
|
|
|
+ error("seteuid(%lu) failed", (unsigned long) uid);
|
|
|
|
+ return -1;
|
|
|
|
+ }
|
|
|
|
if (connect(sock, (struct sockaddr *)&sunaddr, sizeof sunaddr) < 0) {
|
|
|
|
close(sock);
|
|
|
|
- if(errno == EACCES)
|
|
|
|
- fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
|
|
|
|
- return -1;
|
|
|
|
+ sock = -1;
|
|
|
|
+ if(errno == EACCES)
|
|
|
|
+ fatal("MAJOR SECURITY WARNING: uid %lu made a deliberate and malicious attempt to open an agent socket owned by another user", (unsigned long) uid);
|
|
|
|
}
|
|
|
|
|
|
|
|
seteuid(0); /* we now continue the regularly scheduled programming */
|