From: R. Steve McKown <rsmckown@gmail.com>
Date: Mon, 24 Sep 2012 02:52:58 +0000 (-0600)
Subject: Ensure non-repo ssh commands run as connecting user.
X-Git-Tag: 0.2~4
X-Git-Url: https://oss.titaniummirror.com/gitweb?p=repo_shell.git;a=commitdiff_plain;h=961cb65d693c36d7811b15a2023a35b9c5413044

Ensure non-repo ssh commands run as connecting user.
---

diff --git a/repo_shell.c b/repo_shell.c
index 1b06ec3..ecce7d3 100644
--- a/repo_shell.c
+++ b/repo_shell.c
@@ -348,8 +348,10 @@ int main(int argc, char **argv)
 		return 0;
 	}
 
-	if (argc == 1 && check_ssh_interactive(getuid()))
+	if (argc == 1 && check_ssh_interactive(getuid())) {
+		setuid(getuid());
 		execvp(shell_argv[0], (char *const *) shell_argv);
+        }
 
 #ifdef USE_DEFAULTS
 	ini_parse("repo_shell.cfg", handler, &cfg);
@@ -388,6 +390,7 @@ int main(int argc, char **argv)
 	if (!check_ssh_interactive(getuid()))
 		die("only repository access is allowed");
 
+	setuid(getuid());
 	cd_to_homedir();
 	count = split_cmdline(prog, &user_argv);
 	if (count >= 0) {