[PATCH] authfd.c: check return value of seteuid(2) Ensure the call to seteuid(2) succeeds. As the linux man page rather ominously states:
Note: there are cases where seteuid() can fail even when the caller is UID 0; it is a grave security error to omit checking for a failure return from seteuid().
[PATCH 1/2] Adapt to OpenSSL 1.1.1. The FreeBSD operating system is migrating to OpenSSL 1.1.1 and I have created this set of patches to make pam_ssh_agent_auth compile with it.
The patch comments out some parts of include files which are not actually used and reference now opaque OpenSSL internals.
I also have migrated the source files to use accessors to use the OpenSSL objects.
The patch works on FreeBSD head (will be 12.0) but the --without-openssl-header-check argument is required in configure there.
[PATCH 2/2] Check against the correct OPENSSL_VERSION_NUMBER Alexey Dokuchaev (a fellow FreeBSD developer) pointed out to me the opaque structures were introduced in 1.1.0-pre 5, so the correct OPENSSL_VERSION_NUMBER to discriminate is 0x10100005L.
Guido Falsi <mad@madpilot.net>
no
2018-10-24
Showing 1 to 3 of 3 entries
All known versions for source package 'pam-ssh-agent-auth'
