1 Avoid calling setgroups(2).
3 Hardcode and do not require absolute path.
5 diff -u -r ../openssh-7.2p1/sshd.c ./sshd.c
6 --- ../openssh-7.2p1/sshd.c 2016-02-25 22:40:04.000000000 -0500
7 +++ ./sshd.c 2016-02-29 02:36:00.863344328 -0500
9 debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
10 (u_int)privsep_pw->pw_gid);
11 gidset[0] = privsep_pw->pw_gid;
13 if (setgroups(1, gidset) < 0)
14 fatal("setgroups: %.100s", strerror(errno));
16 permanently_set_uid(privsep_pw);
22 saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
23 - for (i = 0; i < ac; i++)
24 + saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd";
25 + for (i = 1; i < ac; i++)
26 saved_argv[i] = xstrdup(av[i]);
29 @@ -1497,8 +1500,10 @@
34 if (geteuid() == 0 && setgroups(0, NULL) == -1)
35 debug("setgroups(): %.200s", strerror(errno));
38 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
42 if (rexeced_flag || inetd_flag)
44 - if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
45 - fatal("sshd re-exec requires execution with an absolute path");
47 closefrom(REEXEC_MIN_FREE_FD);
50 free(privsep_pw->pw_passwd);
51 privsep_pw->pw_passwd = xstrdup("*");
58 sensitive_data.host_keys = xcalloc(options.num_host_key_files,
59 @@ -1948,8 +1953,10 @@
60 * to create a file, and we can't control the code in every
61 * module which might be used).
64 if (setgroups(0, NULL) < 0)
65 debug("setgroups() failed: %.200s", strerror(errno));
69 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));