===================================================================
RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/ssh-agent.c,v
retrieving revision 1.102
retrieving revision 1.103
diff -u -r1.102 -r1.103
--- src/usr.bin/ssh/ssh-agent.c 2002/08/22 20:57:19 1.102
+++ src/usr.bin/ssh/ssh-agent.c 2002/09/10 20:24:47 1.103
@@ -35,7 +35,7 @@
 #include "includes.h"
 #include
-RCSID("$OpenBSD: ssh-agent.c,v 1.102 2002/08/22 20:57:19 stevesk Exp $");
+RCSID("$OpenBSD: ssh-agent.c,v 1.103 2002/09/10 20:24:47 markus Exp $");
 #include
 #include
@@ -806,6 +806,8 @@
 char buf[1024];
 int len, sock;
 u_int i;
+ uid_t euid;
+ gid_t egid;
 for (i = 0; i < sockets_alloc; i++)
 switch (sockets[i].type) {
@@ -819,6 +821,19 @@
 if (sock < 0) {
 error("accept from AUTH_SOCKET: %s",
 strerror(errno));
+ break;
+ }
+ if (getpeereid(sock, &euid, &egid) < 0) {
+ error("getpeereid %d failed: %s",
+ sock, strerror(errno));
+ close(sock);
+ break;
+ }
+ if (getuid() != euid) {
+ error("uid mismatch: "
+ "peer euid %d != uid %d",
+ (int) euid, (int) getuid());
+ close(sock);
 break;
 }
 new_socket(AUTH_CONNECTION, sock);
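Review bot: The uid comparison added after accept() in the third hunk is an access-control decision but carries no comment, and as written it refuses every peer whose euid differs from `getuid()`, which includes root-owned clients. A line such as `/* only a peer running with the agent's own uid may use this socket; root is refused as well */` would make that intent explicit, or the condition should be adjusted if root is meant to be allowed. The mismatch message also prints `uid_t` values through `(int)` with `%d`, so where uid_t is unsigned a very large uid would be logged as a negative number; `"peer euid %u != uid %u", (u_int) euid, (u_int) getuid());` keeps the log usable for tracing a rejected peer. The enclosing function starts and ends outside the hunk.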