| 1 | Avoid calling setgroups(2). |
| 2 | |
| 3 | Hardcode the sshd path in argv[0] and do not require an absolute path. |
| 4 | |
| 5 | diff -u -r ../openssh-7.2p1/sshd.c ./sshd.c |
| 6 | --- ../openssh-7.2p1/sshd.c 2016-02-25 22:40:04.000000000 -0500 |
| 7 | +++ ./sshd.c 2016-02-29 02:36:00.863344328 -0500 |
| 8 | @@ -644,8 +644,10 @@ |
| 9 | debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, |
| 10 | (u_int)privsep_pw->pw_gid); |
| 11 | gidset[0] = privsep_pw->pw_gid; |
| 12 | +#ifndef __ANDROID__ |
| 13 | if (setgroups(1, gidset) < 0) |
| 14 | fatal("setgroups: %.100s", strerror(errno)); |
| 15 | +#endif |
| 16 | permanently_set_uid(privsep_pw); |
| 17 | } |
| 18 | } |
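Review bot: The `#ifndef __ANDROID__` around `setgroups(1, gidset)` removes the supplementary-group drop at compile time, so an Android build of sshd that does start with root privileges would reach `permanently_set_uid(privsep_pw)` with the parent's supplementary groups still attached to the privsep child. The same guard wraps the `setgroups(0, NULL)` calls in the hunks at -1497 and -1948, and none of the three says why the call is skipped. If the reason is that the call cannot succeed for an unprivileged app uid (an assumption; the patch header does not say), record it next to each guard with a comment such as `/* Android: sshd runs as the app uid, setgroups(2) cannot succeed; group list is left unchanged */`. A runtime test on `geteuid() == 0` instead of the preprocessor guard would keep the drop wherever it can work. The enclosing function starts outside the hunk, so whether this branch is already root-only cannot be confirmed from here.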
| 19 | @@ -1487,7 +1489,8 @@ |
| 20 | saved_argc = ac; |
| 21 | rexec_argc = ac; |
| 22 | saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); |
| 23 | - for (i = 0; i < ac; i++) |
| 24 | + saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd"; |
| 25 | + for (i = 1; i < ac; i++) |
| 26 | saved_argv[i] = xstrdup(av[i]); |
| 27 | saved_argv[i] = NULL; |
| 28 | |
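Review bot: `saved_argv[0]` now points at a string literal while every other slot is an `xstrdup()` copy, so the array mixes read-only and heap-owned strings; `saved_argv[0] = xstrdup("@TERMUX_PREFIX@/bin/sshd");` keeps ownership uniform for any later code that frees or rewrites the entries. Starting the loop at 1 also means that with `ac == 0` the terminator store `saved_argv[i] = NULL` lands at index 1, one slot past the `ac + 1` allocation. Unless earlier code outside the hunk already rejects an empty argv, a guard such as `if (ac < 1) fatal("sshd: empty argument vector");` before the allocation closes that. The absolute-path check deleted in the hunk at -1628 now depends on `@TERMUX_PREFIX@` expanding to an absolute path at build time, and the re-exec target becomes the installed binary rather than the one that was started. A comment on this line stating both would help the next maintainer.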
| 29 | @@ -1497,8 +1500,10 @@ |
| 30 | av = saved_argv; |
| 31 | #endif |
| 32 | |
| 33 | +#ifndef __ANDROID__ |
| 34 | if (geteuid() == 0 && setgroups(0, NULL) == -1) |
| 35 | debug("setgroups(): %.200s", strerror(errno)); |
| 36 | +#endif |
| 37 | |
| 38 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
| 39 | sanitise_stdfd(); |
| 40 | @@ -1628,8 +1633,6 @@ |
| 41 | } |
| 42 | if (rexeced_flag || inetd_flag) |
| 43 | rexec_flag = 0; |
| 44 | - if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) |
| 45 | - fatal("sshd re-exec requires execution with an absolute path"); |
| 46 | if (rexeced_flag) |
| 47 | closefrom(REEXEC_MIN_FREE_FD); |
| 48 | else |
| 49 | @@ -1764,7 +1767,9 @@ |
| 50 | free(privsep_pw->pw_passwd); |
| 51 | privsep_pw->pw_passwd = xstrdup("*"); |
| 52 | } |
| 53 | +#ifndef __ANDROID__ |
| 54 | endpwent(); |
| 55 | +#endif |
| 56 | |
| 57 | /* load host keys */ |
| 58 | sensitive_data.host_keys = xcalloc(options.num_host_key_files, |
| 59 | @@ -1948,8 +1953,10 @@ |
| 60 | * to create a file, and we can't control the code in every |
| 61 | * module which might be used). |
| 62 | */ |
| 63 | +#ifndef __ANDROID__ |
| 64 | if (setgroups(0, NULL) < 0) |
| 65 | debug("setgroups() failed: %.200s", strerror(errno)); |
| 66 | +#endif |
| 67 | |
| 68 | if (rexec_flag) { |
| 69 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); |