ClearML/dropbear
1
0
Fork 0
mirror of https://github.com/clearml/dropbear synced 2025-04-10 15:35:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Add a sanity check for DROPBEAR_SVR_MULTIUSER==0 mode

Browse Source
This commit is contained in:
Matt Johnston 2019-03-20 22:57:06 +08:00
parent 0af22aa8e4
commit 0afcfafbb9
2 changed files with 13 additions and 1 deletions

10
common-session.c
View File

@ -68,6 +68,16 @@ void common_session_init(int sock_in, int sock_out) {
/* Sets it to lowdelay */ /* Sets it to lowdelay */
update_channel_prio(); update_channel_prio();
#if !DROPBEAR_SVR_MULTIUSER
/* A sanity check to prevent an accidental configuration option
leaving multiuser systems exposed */
errno = 0;
getuid();
if (errno != ENOSYS) {
dropbear_exit("Non-multiuser Dropbear requires a non-multiuser kernel");
}
#endif
now = monotonic_now(); now = monotonic_now();
ses.connect_time = now; ses.connect_time = now;
ses.last_packet_time_keepalive_recv = now; ses.last_packet_time_keepalive_recv = now;

4
default_options.h
View File

@ -196,7 +196,9 @@ group1 in Dropbear server too */
* authorized_keys file into account */ * authorized_keys file into account */
#define DROPBEAR_SVR_PUBKEY_OPTIONS 1 #define DROPBEAR_SVR_PUBKEY_OPTIONS 1
/* Disable if your kernel does not have multiple user support */ /* Set this to 0 if your system does not have multiple user support.
(Linux kernel CONFIG_MULTIUSER option)
The resulting binary will not run on a normal system. */
#define DROPBEAR_SVR_MULTIUSER 1 #define DROPBEAR_SVR_MULTIUSER 1
/* Client authentication options */ /* Client authentication options */