I've just implemented getpeereid in Cygwin and I found that there's
something I don't understand.

In ssh-agent.c and in clientloop.c, getpeereid is used to ask for the
effective uid of the peer side of the connected socket. So far so good,
but why does the test look like this:

if ((euid != 0) && (getuid() != euid))

? Is there any good reason why root should be able to connect to the
ssh-agent of a user? What is that reason? Otherwise, shouldn't it be
better just

if (getuid() != euid)



Corinna Vinschen
Cygwin Project Co-Leader
Red Hat, Inc.

openssh-unix-dev mailing list