On Aug 5 22:15, Darren Tucker wrote:
> On Mon, 5 Aug 2019 at 20:26, Adam Endrodi <endrodi@xxxxxxxxx> wrote:
> [...]
> > My question is, do you think such a use case (running multiuser sshd as
> > non-root) is possible theoretically, or can it be implemented with a
> > small patch?
>
> I suspect it will not work out of the box, because there are a number
> of checks of the form (this one is from uidswap.c):
>
> if (geteuid() != 0) {
> privileged = 0;
> return;
> }
>
> I also suspect it could be made to work with a relatively small set of
> changes. For a proof of concept I'd suggest you try changing all of
> the instances of "privileged = 0" to "privileged = 1" in uidswap.c
> (this would not be suitable for real use, though).
Some of the Cygwin-specific code in OpenSSH allow to run sshd as a
privileged user with non-0 UID. Maybe those can help as well in that
scenario.
Corinna
--
Corinna Vinschen
Cygwin Maintainer
Red Hat
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
