Re: Fix for ssh-1.2.27 symlink/bind problem

From: Wietse Venema (wietseat_private)
Date: Wed Oct 27 1999 - 15:35:56 PDT


    Markus Friedl:
    > Since Solaris 2.3 allowed you to attach (e.g. with gdb) to a
    > program running with euid==youruid, Tatu dropped the uid-swapping
    > code and made ssh fork into two processes.
    ...
    > void temporarily_use_uid(uid_t uid)
    > {
    > #ifdef SAVED_IDS_WORK_WITH_SETEUID
    >   saved_euid = geteuid();
    >   if (seteuid(uid) == -1)
    >     debug("seteuid %d: %.100s", (int)uid, strerror(errno));
    > #else
    
    ssh starts up with the unprivileged real UID of the user; therefore
    setting the effective UID also to that of the user makes the process
    memory accessible for unprivileged access. This is how any reasonable
    UNIX system works, not just Solaris.
    
    However, no reasonable UNIX system should allow unprivileged users
    to debug a process that runs with real UID == 0, even when the
    effective UID is that of the user.  That is the point I have been
    making repeatedly in this thread, and now I am tired of making it.
    
    	Wietse
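
A small C model of the credential states discussed in this message, added here as an illustration (it is not code from ssh or from either poster). The struct, the function names and UID 1000 are hypothetical, and the two attach rules are simplified readings of the rule quoted from Markus Friedl and the one argued for in the reply, not any kernel's actual check.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Real, effective and saved set-user-ID of a process (constructed model). */
struct creds { uid_t ruid, euid, suid; };

/* POSIX seteuid() semantics: a process with euid 0 may pick any effective
 * UID; otherwise only its real or saved UID is accepted. The real and
 * saved UIDs are never changed by seteuid(). */
static bool model_seteuid(struct creds *c, uid_t uid)
{
    if (c->euid != 0 && uid != c->ruid && uid != c->suid)
        return false;
    c->euid = uid;
    return true;
}

/* Rule in the quoted text: an unprivileged debugger attaches on euid match. */
static bool attach_euid_only(const struct creds *t, uid_t dbg)
{
    return t->euid == dbg;
}

/* Rule argued for in the reply: a real UID of 0 must block the attach,
 * so the real UID has to match the debugger as well. */
static bool attach_ruid_and_euid(const struct creds *t, uid_t dbg)
{
    return t->ruid == dbg && t->euid == dbg;
}

/* A process holding euid 0 and saved UID 0 that calls seteuid(user). */
static struct creds after_drop(uid_t ruid, uid_t user)
{
    struct creds c = { ruid, 0, 0 };
    model_seteuid(&c, user);
    return c;
}

int main(void)
{
    struct creds a = after_drop(1000, 1000); /* set-uid-root, run by 1000 */
    struct creds b = after_drop(0, 1000);    /* started by root           */
    printf("set-uid client: euid-only=%d ruid+euid=%d regain-root=%d\n",
           attach_euid_only(&a, 1000), attach_ruid_and_euid(&a, 1000),
           model_seteuid(&a, 0));
    printf("root-started:   euid-only=%d ruid+euid=%d\n",
           attach_euid_only(&b, 1000), attach_ruid_and_euid(&b, 1000));
    return 0;
}
```

In the set-uid case both rules let the user attach while the saved UID of 0 still allows a return to root; only the root-started case is protected by the real-UID rule.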
    


