Ensure non-repo ssh commands run as connecting user.

author R. Steve McKown <rsmckown@gmail.com>

Mon, 24 Sep 2012 02:52:58 +0000 (20:52 -0600)

committer R. Steve McKown <rsmckown@gmail.com>

Mon, 24 Sep 2012 02:52:58 +0000 (20:52 -0600)
author R. Steve McKown <rsmckown@gmail.com>
Mon, 24 Sep 2012 02:52:58 +0000 (20:52 -0600)
committer R. Steve McKown <rsmckown@gmail.com>
Mon, 24 Sep 2012 02:52:58 +0000 (20:52 -0600)
diff --git a/repo_shell.c b/repo_shell.c

index 1b06ec3eefbee2c2c49968db9ef61fc5f05af5f7..ecce7d3aebc8229f6bbee4e3cfe3ed7bc0ead514 100644 (file)
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -348,8 +348,10 @@ int main(int argc, char **argv)
                 return 0;
         }
  
-       if (argc == 1 && check_ssh_interactive(getuid()))
+       if (argc == 1 && check_ssh_interactive(getuid())) {
+               setuid(getuid());
                 execvp(shell_argv[0], (char *const *) shell_argv);
+        }
  
  #ifdef USE_DEFAULTS
         ini_parse("repo_shell.cfg", handler, &cfg);
@@ -388,6 +390,7 @@ int main(int argc, char **argv)
         if (!check_ssh_interactive(getuid()))
                 die("only repository access is allowed");
  
+       setuid(getuid());
         cd_to_homedir();
         count = split_cmdline(prog, &user_argv);
         if (count >= 0) {
author	R. Steve McKown <rsmckown@gmail.com>
	Mon, 24 Sep 2012 02:52:58 +0000 (20:52 -0600)
committer	R. Steve McKown <rsmckown@gmail.com>
	Mon, 24 Sep 2012 02:52:58 +0000 (20:52 -0600)