diff options
| author | Damien Miller <djm@mindrot.org> | 2013-04-23 15:24:18 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-04-23 15:24:18 +1000 |
| commit | a56086b9903b62c1c4fdedf01b68338fe4dc90e4 (patch) | |
| tree | 768e1aceeca703ff5d965f41c18b653062319301 | |
| parent | 0d6771b4648889ae5bc4235f9e3fc6cd82b710bd (diff) | |
- djm@cvs.openbsd.org 2013/04/19 01:03:01
[session.c]
reintroduce 1.262 without the connection-killing bug:
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
| -rw-r--r-- | ChangeLog | 5 | ||||
| -rw-r--r-- | session.c | 8 |
2 files changed, 12 insertions, 1 deletions
| @@ -64,6 +64,11 @@ | |||
| 64 | - djm@cvs.openbsd.org 2013/04/19 01:01:00 | 64 | - djm@cvs.openbsd.org 2013/04/19 01:01:00 |
| 65 | [ssh-keygen.c] | 65 | [ssh-keygen.c] |
| 66 | fix some memory leaks; bz#2088 ok dtucker@ | 66 | fix some memory leaks; bz#2088 ok dtucker@ |
| 67 | - djm@cvs.openbsd.org 2013/04/19 01:03:01 | ||
| 68 | [session.c] | ||
| 69 | reintroduce 1.262 without the connection-killing bug: | ||
| 70 | fatal() when ChrootDirectory specified by running without root privileges; | ||
| 71 | ok markus@ | ||
| 67 | 72 | ||
| 68 | 20130418 | 73 | 20130418 |
| 69 | - (djm) [config.guess config.sub] Update to last versions before they switch | 74 | - (djm) [config.guess config.sub] Update to last versions before they switch |
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: session.c,v 1.263 2013/04/17 09:04:09 dtucker Exp $ */ | 1 | /* $OpenBSD: session.c,v 1.264 2013/04/19 01:03:01 djm Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 3 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 4 | * All rights reserved | 4 | * All rights reserved |
| @@ -1513,6 +1513,9 @@ do_setusercontext(struct passwd *pw) | |||
| 1513 | safely_chroot(chroot_path, pw->pw_uid); | 1513 | safely_chroot(chroot_path, pw->pw_uid); |
| 1514 | free(tmp); | 1514 | free(tmp); |
| 1515 | free(chroot_path); | 1515 | free(chroot_path); |
| 1516 | /* Make sure we don't attempt to chroot again */ | ||
| 1517 | free(options.chroot_directory); | ||
| 1518 | options.chroot_directory = NULL; | ||
| 1516 | } | 1519 | } |
| 1517 | 1520 | ||
| 1518 | #ifdef HAVE_LOGIN_CAP | 1521 | #ifdef HAVE_LOGIN_CAP |
| @@ -1529,6 +1532,9 @@ do_setusercontext(struct passwd *pw) | |||
| 1529 | /* Permanently switch to the desired uid. */ | 1532 | /* Permanently switch to the desired uid. */ |
| 1530 | permanently_set_uid(pw); | 1533 | permanently_set_uid(pw); |
| 1531 | #endif | 1534 | #endif |
| 1535 | } else if (options.chroot_directory != NULL && | ||
| 1536 | strcasecmp(options.chroot_directory, "none") != 0) { | ||
| 1537 | fatal("server lacks privileges to chroot to ChrootDirectory"); | ||
| 1532 | } | 1538 | } |
| 1533 | 1539 | ||
| 1534 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | 1540 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |