diff options
| author | Damien Miller <djm@mindrot.org> | 2024-06-13 06:35:25 +0200 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2024-06-13 06:35:25 +0200 |
| commit | afe10313c1fa8d478af399ee7d54c8f85503013b (patch) | |
| tree | 569888484b1a7e5669bccfd1b0fab8505e2947c4 /auth-rhosts.c | |
| parent | delay lookup of privsep user until config loaded (diff) | |
| download | openssh-afe10313c1fa8d478af399ee7d54c8f85503013b.tar.xz openssh-afe10313c1fa8d478af399ee7d54c8f85503013b.zip | |
fix PTY allocation on Cygwin, broken by sshd split
Cygwin doesn't support FD passing and so used to disable post-auth
privilege separation entirely because privsep requires PTY allocation
to happen in the privileged monitor process with the PTY file
descriptors being passed back to the unprivileged process.
This brings back a minimal version of the previous special treatment
for Cygwin (and any other platform that sets DISABLE_FD_PASSING):
privilege separation remains enabled, but PTY allocation happens in
the post-auth user process rather than the monitor.
This either requires PTY allocation to not need privilege to begin
with (this appears to be the case on Cygwin), or the post-auth
privsep process retain privilege (other platforms that set the
DISABLE_FD_PASSING option).
Keeping privileges here is bad, but the non-Cygwin systems that set
DISABLE_FD_PASSING are so deeply legacy that this is likely to be the
least of their problems.
Diffstat (limited to 'auth-rhosts.c')
0 files changed, 0 insertions, 0 deletions