author | djm <djm> | 2001-02-26 09:49:58 +0000 |
---|---|---|
committer | djm <djm> | 2001-02-26 09:49:58 +0000 |
commit | e9a84b2d79ef0463a6857c7342c0b6a36481048f (patch) | |
tree | 0211da22d8ebaad903773a02b1e705c193bc4dfa /entropy.c | |
parent | 19a9cabd77378ccbb45573e702b667613862c8c0 (diff) | |
download | openssh-e9a84b2d79ef0463a6857c7342c0b6a36481048f.tar.gz |
- (djm) Some systems (SCO3, NeXT) have weird saved uid semantics.
Based on patch from Tim Rice <tim@multitalents.net>
Diffstat (limited to 'entropy.c')
-rw-r--r-- | entropy.c | 23 |
1 files changed, 22 insertions, 1 deletions
@@ -39,7 +39,7 @@
 #include "pathnames.h"
 #include "log.h"
-RCSID("$Id: entropy.c,v 1.29 2001/02/18 11:34:32 stevesk Exp $");
+RCSID("$Id: entropy.c,v 1.30 2001/02/26 09:49:59 djm Exp $");
 #ifndef offsetof
 # define offsetof(type, member) ((size_t) &((type *)0)->member)
@@ -825,13 +825,34 @@ void init_rng(void)
 prng_seed_saved = 0;
 /* Give up privs while reading seed file */
+#ifdef SAVED_IDS_WORK_WITH_SETEUID
 if ((original_uid != original_euid) && (seteuid(original_uid) == -1))
 fatal("Couldn't give up privileges");
+#else /* SAVED_IDS_WORK_WITH_SETEUID */
+ /*
+ * Propagate the privileged uid to all of our uids.
+ * Set the effective uid to the given (unprivileged) uid.
+ */
+ if (original_uid != original_euid && setuid(original_euid) == -1 ||
+ seteuid(original_uid) == -1)
+ fatal("Couldn't give up privileges");
+#endif /* SAVED_IDS_WORK_WITH_SETEUID */
 prng_read_seedfile();
+#ifdef SAVED_IDS_WORK_WITH_SETEUID
 if ((original_uid != original_euid) && (seteuid(original_euid) == -1))
 fatal("Couldn't restore privileges");
+#else /* SAVED_IDS_WORK_WITH_SETEUID */
+ /*
+ * We are unable to restore the real uid to its unprivileged value.
+ * Propagate the real uid (usually more privileged) to effective uid
+ * as well.
+ */
+ if (original_uid != original_euid && seteuid(original_euid) == -1 ||
+ setuid(original_uid) == -1)
+ fatal("Couldn't restore privileges");
+#endif /* SAVED_IDS_WORK_WITH_SETEUID */
 fatal_add_cleanup(prng_seed_cleanup, NULL);
 atexit(prng_write_seedfile); |
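Review bot: In the second `#else` branch (the restore path) the comment says the real uid, "usually more privileged", is propagated to the effective uid, but the call is `setuid(original_uid)`, and the first `#else` comment describes `original_uid` as the unprivileged uid. If setuid() on these platforms sets every id while the effective uid is privileged (their semantics are not visible here, so this is inferred), the process would end up at the unprivileged uid instead of restored, so either the argument or the comment should be changed to state the intended end state. Both new conditions also mix `&&` and `||` without parentheses, unlike the fully parenthesised `#ifdef` branches, so the second call runs even when `original_uid == original_euid`; `if (original_uid != original_euid && (seteuid(original_euid) == -1 || setuid(original_uid) == -1))` makes the grouping explicit. Because the commit targets systems with unusual uid semantics, a `geteuid() != original_uid` check after the drop would confirm the privilege change took effect before the seed file is read. init_rng() begins and ends outside the hunk.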