- djm@cvs.openbsd.org 2013/04/19 01:03:01

     [session.c]
     reintroduce 1.262 without the connection-killing bug:
     fatal() when ChrootDirectory specified by running without root privileges;
     ok markus@

1 files changed, 7 insertions, 1 deletions

diff --git a/session.c b/session.c
index f5c777086..4c4461ded 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.263 2013/04/17 09:04:09 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.264 2013/04/19 01:03:01 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1513,6 +1513,9 @@ do_setusercontext(struct passwd *pw)
                         safely_chroot(chroot_path, pw->pw_uid);
                         free(tmp);
                         free(chroot_path);
+                        /* Make sure we don't attempt to chroot again */
+                        free(options.chroot_directory);
+                        options.chroot_directory = NULL;
                 }
 
 #ifdef HAVE_LOGIN_CAP
@@ -1529,6 +1532,9 @@ do_setusercontext(struct passwd *pw)
                 /* Permanently switch to the desired uid. */
                 permanently_set_uid(pw);
 #endif
+        } else if (options.chroot_directory != NULL &&
+            strcasecmp(options.chroot_directory, "none") != 0) {
+                fatal("server lacks privileges to chroot to ChrootDirectory");
         }
 
         if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)