Running dropbear as unprivileged user to a single user SSH Server

Antoine Catton acatton at tiolive.com
Wed Aug 31 21:30:06 WST 2011


Hello,

On Wed, 2011-08-31 at 06:46 -0500, Rob Landley wrote:
> 1) The comments don't add anything here.  (If userspace enabled?  Here's
> what getlogin() does?  Here's the end of the #ifdef seven lines earlier?)
> 
> 2) The first line of that hunk creates a copy of username, then you
> check if you need to free that copy and make a different copy.  Seems
> like a waste of work to me?
> 
> 3) The Linux kernel uses a trick where it #defines is_singleuser() in a
> header somewhere to either a constant 0 (so the compiler's dead code
> elimination chops out the code) or else to svr_opts.singleuser, so you
> could just do:
> 
>   if (is_singleuser()) {
>     m_free(username);
>     username = m_strdup(getlogin());
>   } else username = buf_getstring(ses.payload, &userlen);
> 

I’m trying to improve my patch. But I just figured out I didn't really
get what you wanted.

Do you want me to not use C Preprocessor statements ?
Do you want to enable root running dropbear in single user mode ?

Could you tell me how should I improve this patch ?

Thank you.

Regards,

--
Antoine Catton
Nexedi Intern



More information about the Dropbear mailing list