- djm@cvs.openbsd.org 2005/09/21 23:36:54

[openssh.git] / sshd.c

diff --git a/sshd.c b/sshd.c
index e9125a2294f73327e7017b6a72c37523e7914f74..6ef2eee1349ee6900d8003fca747adac09840994 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.312 2005/07/25 11:59:40 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.314 2005/09/19 11:47:09 djm Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -633,9 +633,8 @@ privsep_postauth(Authctxt *authctxt)
        if (authctxt->pw->pw_uid == 0 || options.use_login) {
 #endif
                /* File descriptor passing is broken or root login */
-               monitor_apply_keystate(pmonitor);
                use_privsep = 0;
-               return;
+               goto out;
        }
 
        /* Authentication complete */
@@ -669,6 +668,7 @@ privsep_postauth(Authctxt *authctxt)
        /* Drop privileges */
        do_setusercontext(authctxt->pw);
 
+ out:
        /* It is safe now to apply the key state */
        monitor_apply_keystate(pmonitor);
 
@@ -924,6 +924,9 @@ main(int ac, char **av)
        if (geteuid() == 0 && setgroups(0, NULL) == -1)
                debug("setgroups(): %.200s", strerror(errno));
 
+       /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+       sanitise_stdfd();
+
        /* Initialize configuration options to their default values. */
        initialize_server_options(&options);