| Rich Freeman via plug on 17 Jun 2020 04:55:40 -0700 |
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]
| Re: [PLUG] sshd as regular user |
On Tue, Jun 16, 2020 at 10:40 PM brent timothy saner via plug
<plug@lists.phillylinux.org> wrote:
>
> I downloaded a tarball of the latest stable release of portable OpenSSH,
> 8.3p1[0] and found that there's 7 hardcoded checks (just checked with
> grep, didn't check the context of them) for EUID of 0:
>
> uidswap.c:77: if (geteuid() != 0) {
> openbsd-compat/port-aix.c:252: if (pw->pw_uid == 0 || geteuid() != 0) {
> openbsd-compat/port-aix.c:319: if (geteuid() != 0)
> logintest.c:128: if ((int)geteuid() != 0) {
> loginrec.c:442: if (geteuid() != 0) {
> loginrec.c:1670: if (geteuid() != 0)
> audit-linux.c:64: if ((rc == -EPERM) && (geteuid() != 0))
>
>
> Which means unless it's running as root or via sudo, those conditionals
> are going to evaluate to true (in this case, presumably, a true
> condition means "no worky").
>
Except that they don't mean "no worky."
They mean "don't do stuff that requires root to work."
The software doesn't just accidentally work as non-root. It was
designed to work as non-root.
--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug