Running dropbear as unprivileged user to a single user SSH Server
Antoine Catton
acatton at tiolive.com
Wed Aug 31 21:30:06 WST 2011
Hello,
On Wed, 2011-08-31 at 06:46 -0500, Rob Landley wrote:
> 1) The comments don't add anything here. (If userspace enabled? Here's
> what getlogin() does? Here's the end of the #ifdef seven lines earlier?)
>
> 2) The first line of that hunk creates a copy of username, then you
> check if you need to free that copy and make a different copy. Seems
> like a waste of work to me?
>
> 3) The Linux kernel uses a trick where it #defines is_singleuser() in a
> header somewhere to either a constant 0 (so the compiler's dead code
> elimination chops out the code) or else to svr_opts.singleuser, so you
> could just do:
>
> if (is_singleuser()) {
> m_free(username);
> username = m_strdup(getlogin());
> } else username = buf_getstring(ses.payload, &userlen);
>
I’m trying to improve my patch. But I just figured out I didn't really
get what you wanted.
Do you want me to not use C Preprocessor statements ?
Do you want to enable root running dropbear in single user mode ?
Could you tell me how should I improve this patch ?
Thank you.
Regards,
--
Antoine Catton
Nexedi Intern
More information about the Dropbear
mailing list