summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDarren Tucker <dtucker@zip.com.au>2017-03-29 12:39:39 +1100
committerDarren Tucker <dtucker@zip.com.au>2017-03-29 12:39:39 +1100
commitd13281f2964abc5f2e535e1613c77fc61b0c53e7 (patch)
tree1b7b69f03a3af2441768ab77c8fa5f36ca2cdc65
parentf2742a481fe151e493765a3fbdef200df2ea7037 (diff)
Don't check privsep user or path when unprivileged
If running with privsep (mandatory now) as a non-privileged user, we don't chroot or change to an unprivileged user however we still checked the existence of the user and directory. Don't do those checks if we're not going to use them. Based in part on a patch from Lionel Fourquaux via Corinna Vinschen, ok djm@
-rw-r--r--sshd.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/sshd.c b/sshd.c
index 010a2c38a..197c4ec8e 100644
--- a/sshd.c
+++ b/sshd.c
@@ -223,6 +223,7 @@ int startup_pipe; /* in child */
223int use_privsep = -1; 223int use_privsep = -1;
224struct monitor *pmonitor = NULL; 224struct monitor *pmonitor = NULL;
225int privsep_is_preauth = 1; 225int privsep_is_preauth = 1;
226static int privsep_chroot = 1;
226 227
227/* global authentication context */ 228/* global authentication context */
228Authctxt *the_authctxt = NULL; 229Authctxt *the_authctxt = NULL;
@@ -541,7 +542,7 @@ privsep_preauth_child(void)
541 demote_sensitive_data(); 542 demote_sensitive_data();
542 543
543 /* Demote the child */ 544 /* Demote the child */
544 if (getuid() == 0 || geteuid() == 0) { 545 if (privsep_chroot) {
545 /* Change our root directory */ 546 /* Change our root directory */
546 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) 547 if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
547 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, 548 fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
@@ -1640,8 +1641,9 @@ main(int ac, char **av)
1640 ); 1641 );
1641 1642
1642 /* Store privilege separation user for later use if required. */ 1643 /* Store privilege separation user for later use if required. */
1644 privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
1643 if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { 1645 if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
1644 if (use_privsep || options.kerberos_authentication) 1646 if (privsep_chroot || options.kerberos_authentication)
1645 fatal("Privilege separation user %s does not exist", 1647 fatal("Privilege separation user %s does not exist",
1646 SSH_PRIVSEP_USER); 1648 SSH_PRIVSEP_USER);
1647 } else { 1649 } else {
@@ -1767,7 +1769,7 @@ main(int ac, char **av)
1767 key_type(key)); 1769 key_type(key));
1768 } 1770 }
1769 1771
1770 if (use_privsep) { 1772 if (privsep_chroot) {
1771 struct stat st; 1773 struct stat st;
1772 1774
1773 if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || 1775 if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||