From bb8753a5a6f6921076e9d529d312ba9063310f49 Mon Sep 17 00:00:00 2001 From: Greg Alexander Date: Sun, 16 Jun 2019 19:46:16 -0400 Subject: [PATCH] Disable DROPBEAR_SVR_MULTIUSER, because we don't want to be calling setuid/seteuid sort of stuff (it won't work, and I think sec-comp or something kills our process). Also need to disable the sanity check. --- dropbear/common-session.c | 2 +- dropbear/localoptions.h | 2 ++ dropbear/svr-chansession.c | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/dropbear/common-session.c b/dropbear/common-session.c index c2de31b..e490731 100644 --- a/dropbear/common-session.c +++ b/dropbear/common-session.c @@ -68,7 +68,7 @@ void common_session_init(int sock_in, int sock_out) { /* Sets it to lowdelay */ update_channel_prio(); -#if !DROPBEAR_SVR_MULTIUSER +#if 0 && !DROPBEAR_SVR_MULTIUSER /* A sanity check to prevent an accidental configuration option leaving multiuser systems exposed */ errno = 0; diff --git a/dropbear/localoptions.h b/dropbear/localoptions.h index f42ff97..7f9615f 100644 --- a/dropbear/localoptions.h +++ b/dropbear/localoptions.h @@ -297,3 +297,5 @@ be overridden at runtime with -I. 0 disables idle timeouts */ /* The default path. This will often get replaced by the shell */ #define DEFAULT_PATH "/sbin:/system/sbin:/system/bin:/system/xbin" + +#define DROPBEAR_SVR_MULTIUSER 0 diff --git a/dropbear/svr-chansession.c b/dropbear/svr-chansession.c index 9d42efe..240abc4 100644 --- a/dropbear/svr-chansession.c +++ b/dropbear/svr-chansession.c @@ -961,7 +961,7 @@ static void execchild(const void *user_data) { #endif /* DEBUG_VALGRIND */ #endif -#if 0 /* DROPBEAR_SVR_MULTIUSER */ +#if DROPBEAR_SVR_MULTIUSER /* We can only change uid/gid as root ... */ if (getuid() == 0) {