Commit | Line | Data |
---|---|---|
59f0d218 FF |
1 | Avoid calling setgroups(2). |
2 | ||
3 | Hardcode and do not require absolute path. | |
4 | ||
8c37ff6b FF |
5 | diff -u -r ../openssh-7.2p1/sshd.c ./sshd.c |
6 | --- ../openssh-7.2p1/sshd.c 2016-02-25 22:40:04.000000000 -0500 | |
7 | +++ ./sshd.c 2016-02-29 02:36:00.863344328 -0500 | |
8 | @@ -644,8 +644,10 @@ | |
9 | debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, | |
10 | (u_int)privsep_pw->pw_gid); | |
11 | gidset[0] = privsep_pw->pw_gid; | |
59f0d218 | 12 | +#ifndef __ANDROID__ |
8c37ff6b FF |
13 | if (setgroups(1, gidset) < 0) |
14 | fatal("setgroups: %.100s", strerror(errno)); | |
59f0d218 | 15 | +#endif |
8c37ff6b FF |
16 | permanently_set_uid(privsep_pw); |
17 | } | |
59f0d218 | 18 | } |
8c37ff6b | 19 | @@ -1487,7 +1489,8 @@ |
59f0d218 FF |
20 | saved_argc = ac; |
21 | rexec_argc = ac; | |
22 | saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); | |
23 | - for (i = 0; i < ac; i++) | |
24 | + saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd"; | |
25 | + for (i = 1; i < ac; i++) | |
26 | saved_argv[i] = xstrdup(av[i]); | |
27 | saved_argv[i] = NULL; | |
28 | ||
8c37ff6b | 29 | @@ -1497,8 +1500,10 @@ |
59f0d218 FF |
30 | av = saved_argv; |
31 | #endif | |
32 | ||
33 | +#ifndef __ANDROID__ | |
34 | if (geteuid() == 0 && setgroups(0, NULL) == -1) | |
35 | debug("setgroups(): %.200s", strerror(errno)); | |
36 | +#endif | |
37 | ||
38 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ | |
39 | sanitise_stdfd(); | |
8c37ff6b | 40 | @@ -1628,8 +1633,6 @@ |
59f0d218 FF |
41 | } |
42 | if (rexeced_flag || inetd_flag) | |
43 | rexec_flag = 0; | |
44 | - if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) | |
45 | - fatal("sshd re-exec requires execution with an absolute path"); | |
46 | if (rexeced_flag) | |
47 | closefrom(REEXEC_MIN_FREE_FD); | |
48 | else | |
8c37ff6b | 49 | @@ -1764,7 +1767,9 @@ |
59f0d218 FF |
50 | free(privsep_pw->pw_passwd); |
51 | privsep_pw->pw_passwd = xstrdup("*"); | |
52 | } | |
53 | +#ifndef __ANDROID__ | |
54 | endpwent(); | |
55 | +#endif | |
56 | ||
57 | /* load host keys */ | |
58 | sensitive_data.host_keys = xcalloc(options.num_host_key_files, | |
8c37ff6b | 59 | @@ -1948,8 +1953,10 @@ |
59f0d218 FF |
60 | * to create a file, and we can't control the code in every |
61 | * module which might be used). | |
62 | */ | |
63 | +#ifndef __ANDROID__ | |
64 | if (setgroups(0, NULL) < 0) | |
65 | debug("setgroups() failed: %.200s", strerror(errno)); | |
66 | +#endif | |
67 | ||
68 | if (rexec_flag) { | |
69 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); |