https://bugzilla.mindrot.org/show_bug.cgi?id=2511

Alex Wilson <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2771|0                           |1
        is obsolete|                            |

--- Comment #8 from Alex Wilson <[email protected]> ---
Created attachment 2772
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2772&action=edit
patch-v4

One last amendment, after a colleague reminded me of a fix that I
should have merged into this patch.

It fixes the case where a user (for some reason) decides they want to
let sftp-server log in as root and they wish to have root's ability to
read and write any file on the system. Privilege code that starts with
priv_basicset() implicitly drops all of root's special rights
(including these "DAC" filesystem rights), so this amendment changes
the sftp-server to explicitly retain those particular parts of root (if
it has them) while still dropping everything else.

As I understand it, the other places this patch injects priv drops (for
the ssh-agent, client mux and daemon sandbox) are fine with dropping
all special root abilities if they are started with any of them, so
those functions don't need to change.

_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
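
Added example (not part of the original message or the attached patch): a small C model of the set arithmetic described in comment #8, with privilege sets as bit masks rather than the illumos `priv_set_t` API. The privilege subset, the choice of three `file_dac_*` privileges and the function names are assumptions made for illustration.

```c
/* Model only: bit masks stand in for illumos privilege sets. */
#include <stdio.h>

enum {                               /* constructed subset of privileges */
    P_PROC_FORK       = 1u << 0,     /* basic */
    P_PROC_EXEC       = 1u << 1,     /* basic */
    P_PROC_INFO       = 1u << 2,     /* basic */
    P_FILE_LINK_ANY   = 1u << 3,     /* basic */
    P_FILE_DAC_READ   = 1u << 4,     /* root: bypass read permission checks */
    P_FILE_DAC_WRITE  = 1u << 5,     /* root: bypass write permission checks */
    P_FILE_DAC_SEARCH = 1u << 6,     /* root: bypass directory search checks */
    P_PROC_OWNER      = 1u << 7,     /* root: unrelated to file access */
    P_SYS_MOUNT       = 1u << 8      /* root: unrelated to file access */
};

#define BASIC_SET (P_PROC_FORK | P_PROC_EXEC | P_PROC_INFO | P_FILE_LINK_ANY)
#define DAC_SET   (P_FILE_DAC_READ | P_FILE_DAC_WRITE | P_FILE_DAC_SEARCH)
#define ROOT_SET  0x1ffu             /* every privilege in this model */

/* Behaviour before the amendment: start from the basic set and keep
 * nothing else, so root's DAC override disappears with the rest. */
unsigned drop_to_basic(unsigned permitted)
{
    return BASIC_SET & permitted;
}

/* Behaviour after the amendment: request basic plus DAC, then intersect
 * with what the process already holds. DAC rights survive only if they
 * were present; an ordinary user gains nothing. */
unsigned drop_keep_dac(unsigned permitted)
{
    return (BASIC_SET | DAC_SET) & permitted;
}

/* True when the set still allows reading and writing any file. */
int can_override_dac(unsigned set)
{
    unsigned need = P_FILE_DAC_READ | P_FILE_DAC_WRITE;
    return (set & need) == need;
}

int main(void)
{
    printf("root, basic only : %#x\n", drop_to_basic(ROOT_SET));
    printf("root, keep DAC   : %#x\n", drop_keep_dac(ROOT_SET));
    printf("user, keep DAC   : %#x\n", drop_keep_dac(BASIC_SET));
    return 0;
}
```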