*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.314 2005/09/19 11:47:09 djm Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
if (authctxt->pw->pw_uid == 0 || options.use_login) {
#endif
/* File descriptor passing is broken or root login */
- monitor_apply_keystate(pmonitor);
use_privsep = 0;
- return;
+ goto out;
}
/* Authentication complete */
/* Drop privileges */
do_setusercontext(authctxt->pw);
+ out:
/* It is safe now to apply the key state */
monitor_apply_keystate(pmonitor);
if (geteuid() == 0 && setgroups(0, NULL) == -1)
debug("setgroups(): %.200s", strerror(errno));
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
/* Initialize configuration options to their default values. */
initialize_server_options(&options);