This patch corrects non-host owner filesystem permissions in
sshsession. Prior to these changes, SSH sessions would inherit the
host owner factotum, which lead to incorrect permissions on hosts
other than the file server.
These changes are similar to those submitted by Cinap Lenrek to
address a related issue in auth/as:
https://git.9front.org/plan9front/plan9front/55a0abdd439964793a5ebceb23776d162a0436d2/patch
--- /n/sources/plan9/sys/src/cmd/ssh2/sshsession.c Sun May 6 14:55:41 2012
+++ /sys/src/cmd/ssh2/sshsession.c Thu Dec 8 17:14:10 2022
@@ -89,6 +89,27 @@
}
/*
+ * mount factotum after auth
+ */
+static void
+mountfactotum(int ctlfd)
+{
+ int fd;
+
+ fd = open("/srv/factotum", ORDWR);
+ if (fd < 0) {
+ syslog(0, "ssh", "can't open /srv/factotum: %r");
+ hangup(ctlfd);
+ exits("open");
+ }
+ if (mount(fd, -1, "/mnt", MREPL, "") < 0) {
+ syslog(0, "ssh", "can't mount /srv/factotum in /mnt: %r");
+ hangup(ctlfd);
+ exits("can't mount");
+ }
+}
+
+/*
* mount tunnel if there isn't one visible.
*/
static void
@@ -135,6 +156,7 @@
return 0;
auth(buf, n, ctlfd);
+ mountfactotum(ctlfd);
p = strchr(buf, '@');
if (p == nil)
|