- stevesk@cvs.openbsd.org 2002/06/22 16:40:19

     [sshd.c]
     check /var/empty owner mode; ok provos@

2 files changed, 8 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index ec7a5e0aa..e89683a86 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@
    - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
      [sshd.8]
      add /var/empty in FILES section
+   - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
+     [sshd.c]
+     check /var/empty owner mode; ok provos@
 
 20020622
  - (djm) Update README.privsep; spotted by fries@
@@ -1024,4 +1027,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2248 2002/06/23 00:32:57 mouring Exp $
+$Id: ChangeLog,v 1.2249 2002/06/23 00:33:47 mouring Exp $
diff --git a/sshd.c b/sshd.c
index feea3ce2c..d60b13d66 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.247 2002/06/22 16:40:19 stevesk Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1012,6 +1012,9 @@ main(int ac, char **av)
                     (S_ISDIR(st.st_mode) == 0))
                         fatal("Missing privilege separation directory: %s",
                             _PATH_PRIVSEP_CHROOT_DIR);
+                if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+                        fatal("Bad owner or mode for %s",
+                            _PATH_PRIVSEP_CHROOT_DIR);
         }
 
         /* Configuration looks good, so exit if in test mode. */