| 1 | Avoid calling setgroups(2). |
| 2 | |
| 3 | Hardcode the sshd binary path and do not require invocation with an absolute path. |
| 4 | |
| 5 | diff -u -r ../openssh-6.6p1/sshd.c ./sshd.c |
| 6 | --- ../openssh-6.6p1/sshd.c 2014-02-27 00:20:08.000000000 +0100 |
| 7 | +++ ./sshd.c 2014-06-04 13:25:00.476658070 +0200 |
| 8 | @@ -647,8 +647,10 @@ |
| 9 | do_setusercontext(privsep_pw); |
| 10 | #else |
| 11 | gidset[0] = privsep_pw->pw_gid; |
| 12 | +#ifndef __ANDROID__ |
| 13 | if (setgroups(1, gidset) < 0) |
| 14 | fatal("setgroups: %.100s", strerror(errno)); |
| 15 | +#endif |
| 16 | permanently_set_uid(privsep_pw); |
| 17 | #endif |
| 18 | } |
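Review bot: The `#ifndef __ANDROID__` around `setgroups(1, gidset)` removes the supplementary-group drop at compile time for every Android build, so an sshd started as root would reach `permanently_set_uid(privsep_pw)` with the privsep child still holding whatever groups it inherited. On Android, supplementary GIDs carry permissions, which makes this more than cosmetic for the unprivileged pre-auth child. A runtime test keeps the drop where it can succeed and skips it only for a non-root start: `if (geteuid() == 0 && setgroups(1, gidset) < 0)`, with the `fatal()` unchanged. The same guard is added in the hunks at `@@ -1413,8` and `@@ -1838,8`; the first already checks `geteuid() == 0` and both only `debug()` on failure, so there it appears to gain nothing for a non-root start while losing the group clearing for a root one. The enclosing function starts outside this hunk.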
| 19 | @@ -1403,7 +1405,8 @@ |
| 20 | saved_argc = ac; |
| 21 | rexec_argc = ac; |
| 22 | saved_argv = xcalloc(ac + 1, sizeof(*saved_argv)); |
| 23 | - for (i = 0; i < ac; i++) |
| 24 | + saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd"; |
| 25 | + for (i = 1; i < ac; i++) |
| 26 | saved_argv[i] = xstrdup(av[i]); |
| 27 | saved_argv[i] = NULL; |
| 28 | |
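Review bot: With `ac == 0` the new loop starts at `i = 1`, so the following `saved_argv[i] = NULL` writes slot 1 of an array that `xcalloc(ac + 1, ...)` sized for a single pointer; the old loop left `i` at 0 in that case. An empty argv can reach this code on kernels that allow execve with no arguments, so either size the array for the forced entry, `saved_argv = xcalloc((ac > 0 ? ac : 1) + 1, sizeof(*saved_argv));`, or reject `ac < 1` before this point. `saved_argv[0]` is also the only element that is a string literal rather than an `xstrdup()` copy; `saved_argv[0] = xstrdup("@TERMUX_PREFIX@/bin/sshd");` keeps ownership uniform in case later code frees or modifies the entries. The enclosing function starts and ends outside the hunk.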
| 29 | @@ -1413,8 +1416,10 @@ |
| 30 | av = saved_argv; |
| 31 | #endif |
| 32 | |
| 33 | +#ifndef __ANDROID__ |
| 34 | if (geteuid() == 0 && setgroups(0, NULL) == -1) |
| 35 | debug("setgroups(): %.200s", strerror(errno)); |
| 36 | +#endif |
| 37 | |
| 38 | /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ |
| 39 | sanitise_stdfd(); |
| 40 | @@ -1543,8 +1548,6 @@ |
| 41 | } |
| 42 | if (rexeced_flag || inetd_flag) |
| 43 | rexec_flag = 0; |
| 44 | - if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/'))) |
| 45 | - fatal("sshd re-exec requires execution with an absolute path"); |
| 46 | if (rexeced_flag) |
| 47 | closefrom(REEXEC_MIN_FREE_FD); |
| 48 | else |
| 49 | @@ -1669,7 +1672,9 @@ |
| 50 | free(privsep_pw->pw_passwd); |
| 51 | privsep_pw->pw_passwd = xstrdup("*"); |
| 52 | } |
| 53 | +#ifndef __ANDROID__ |
| 54 | endpwent(); |
| 55 | +#endif |
| 56 | |
| 57 | /* load host keys */ |
| 58 | sensitive_data.host_keys = xcalloc(options.num_host_key_files, |
| 59 | @@ -1838,8 +1843,10 @@ |
| 60 | * to create a file, and we can't control the code in every |
| 61 | * module which might be used). |
| 62 | */ |
| 63 | +#ifndef __ANDROID__ |
| 64 | if (setgroups(0, NULL) < 0) |
| 65 | debug("setgroups() failed: %.200s", strerror(errno)); |
| 66 | +#endif |
| 67 | |
| 68 | if (rexec_flag) { |
| 69 | rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); |