- djm@cvs.openbsd.org 2013/03/06 23:35:23

     [session.c]
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@

2 files changed, 8 insertions, 2 deletions

diff --git a/ChangeLog b/ChangeLog
index 3f80a25c1..dbe5d8eae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
    - markus@cvs.openbsd.org 2013/03/05 20:16:09
      [sshconnect2.c]
      reset pubkey order on partial success; ok djm@
+   - djm@cvs.openbsd.org 2013/03/06 23:35:23
+     [session.c]
+     fatal() when ChrootDirectory specified by running without root privileges;
+     ok markus@
 
 20130418
  - (djm) [config.guess config.sub] Update to last versions before they switch
diff --git a/session.c b/session.c
index 19eaa20c3..3064ea227 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.262 2013/03/06 23:35:23 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1529,7 +1529,9 @@ do_setusercontext(struct passwd *pw)
                 /* Permanently switch to the desired uid. */
                 permanently_set_uid(pw);
 #endif
-        }
+        } else if (options.chroot_directory != NULL &&
+            strcasecmp(options.chroot_directory, "none") != 0)
+                fatal("server lacks privileges to chroot to ChrootDirectory");
 
         if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
                 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);