1 Avoid calling setgroups(2).
3 Hardcode and do not require absolute path.
5 diff -u -r ../openssh-6.6p1/sshd.c ./sshd.c
6 --- ../openssh-6.6p1/sshd.c 2014-02-27 00:20:08.000000000 +0100
7 +++ ./sshd.c 2014-06-04 13:25:00.476658070 +0200
9 do_setusercontext(privsep_pw);
11 gidset[0] = privsep_pw->pw_gid;
13 if (setgroups(1, gidset) < 0)
14 fatal("setgroups: %.100s", strerror(errno));
16 permanently_set_uid(privsep_pw);
22 saved_argv = xcalloc(ac + 1, sizeof(*saved_argv));
23 - for (i = 0; i < ac; i++)
24 + saved_argv[0] = "@TERMUX_PREFIX@/bin/sshd";
25 + for (i = 1; i < ac; i++)
26 saved_argv[i] = xstrdup(av[i]);
29 @@ -1413,8 +1416,10 @@
34 if (geteuid() == 0 && setgroups(0, NULL) == -1)
35 debug("setgroups(): %.200s", strerror(errno));
38 /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
42 if (rexeced_flag || inetd_flag)
44 - if (!test_flag && (rexec_flag && (av[0] == NULL || *av[0] != '/')))
45 - fatal("sshd re-exec requires execution with an absolute path");
47 closefrom(REEXEC_MIN_FREE_FD);
50 free(privsep_pw->pw_passwd);
51 privsep_pw->pw_passwd = xstrdup("*");
58 sensitive_data.host_keys = xcalloc(options.num_host_key_files,
59 @@ -1838,8 +1843,10 @@
60 * to create a file, and we can't control the code in every
61 * module which might be used).
64 if (setgroups(0, NULL) < 0)
65 debug("setgroups() failed: %.200s", strerror(errno));
69 rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));