From: djm <djm>
Date: Wed, 4 Sep 2002 06:20:26 +0000 (+0000)
Subject:    - markus@cvs.openbsd.org 2002/08/12 10:46:35
X-Git-Tag: V_3_5_P1~70
X-Git-Url: http://andersk.mit.edu/gitweb/openssh.git/commitdiff_plain/954640a4967c588cff4c6f6c9003ef89691aa209

   - markus@cvs.openbsd.org 2002/08/12 10:46:35
     [ssh-agent.c]
     make ssh-agent setgid, disallow ptrace.
     (note: change not yet made in Makefile)
---

diff --git a/ChangeLog b/ChangeLog
index b318fa08..c2917310 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20020903
+ - (djm) OpenBSD CVS Sync
+   - markus@cvs.openbsd.org 2002/08/12 10:46:35
+     [ssh-agent.c]
+     make ssh-agent setgid, disallow ptrace.
+
 20020820
  - OpenBSD CVS Sync
    - millert@cvs.openbsd.org 2002/08/02 14:43:15
diff --git a/ssh-agent.c b/ssh-agent.c
index 1f21cbc9..0615889b 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
@@ -35,7 +35,7 @@
 
 #include "includes.h"
 #include "openbsd-compat/fake-queue.h"
-RCSID("$OpenBSD: ssh-agent.c,v 1.98 2002/07/21 18:07:45 stevesk Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.99 2002/08/12 10:46:35 markus Exp $");
 
 #include <openssl/evp.h>
 #include <openssl/md5.h>
@@ -943,6 +943,10 @@ main(int ac, char **av)
 	pid_t pid;
 	char pidstrbuf[1 + 3 * sizeof pid];
 
+	/* drop */
+	setegid(getgid());
+	setgid(getgid());
+
 	SSLeay_add_all_algorithms();
 
 	__progname = get_progname(av[0]);