int channel_droppriv(char *user, char **shell) { struct passwd *pw; char *name; pw = getpwnam(user); if (!pw) return 0; if (isatty(0)) { name = ttyname(0); if (!name) return 0; if (!newenv_env("SSH_TTY", name)) return 0; if (!setowner(name, pw)) return 0; } /* drop privileges */ if (!dropuidgid(pw->pw_uid, pw->pw_gid)) return 0; if (chdir(pw->pw_dir) == -1) return 0; if (!newenv_env("HOME", pw->pw_dir)) return 0; if (!newenv_env("USER", pw->pw_name)) return 0; if (!newenv_env("LOGNAME", pw->pw_name)) return 0; if (!newenv_env("LOGIN", pw->pw_name)) return 0; if (!newenv_env("SHELL", pw->pw_shell)) return 0; *shell = pw->pw_shell; return 1; }
static void droproot(void) { uid_t uid; uid = geteuid(); if (uid == 0) { pw = getpwnam("nobody"); if (!pw) fail("getpwnam() failure") if (!dropuidgid(pw->pw_name, pw->pw_uid, pw->pw_gid)) fail("dropuidgid() failure"); }