author | Damien Miller <djm@mindrot.org> | 2013-04-23 15:24:18 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2013-04-23 15:24:18 +1000 |
commit | a56086b9903b62c1c4fdedf01b68338fe4dc90e4 (patch) | |
tree | 768e1aceeca703ff5d965f41c18b653062319301 /session.c | |
parent | 0d6771b4648889ae5bc4235f9e3fc6cd82b710bd (diff) |
- djm@cvs.openbsd.org 2013/04/19 01:03:01
[session.c]
reintroduce 1.262 without the connection-killing bug:
fatal() when ChrootDirectory specified but running without root privileges;
ok markus@
Diffstat (limited to 'session.c')
-rw-r--r-- | session.c | 8 |
1 files changed, 7 insertions, 1 deletions
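--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.263 2013/04/17 09:04:09 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.264 2013/04/19 01:03:01 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -1513,6 +1513,9 @@ do_setusercontext(struct passwd *pw)
 safely_chroot(chroot_path, pw->pw_uid);
 free(tmp);
 free(chroot_path);
+/* Make sure we don't attempt to chroot again */
+free(options.chroot_directory);
+options.chroot_directory = NULL;
 }
 
 #ifdef HAVE_LOGIN_CAP
@@ -1529,6 +1532,9 @@ do_setusercontext(struct passwd *pw)
 /* Permanently switch to the desired uid. */
 permanently_set_uid(pw);
 #endif
+} else if (options.chroot_directory != NULL &&
+strcasecmp(options.chroot_directory, "none") != 0) {
+fatal("server lacks privileges to chroot to ChrootDirectory");
 }
 
 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)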
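Review bot: Clearing `options.chroot_directory` at new lines 1516-1518 turns the parsed configuration into the "already chrooted" marker, so any later reader of that option in this process sees NULL and cannot distinguish a chrooted session from one with no ChrootDirectory configured. That reset also appears to be what keeps the new `fatal()` branch at 1535-1537 from firing if do_setusercontext() is entered again after privileges were dropped, yet the comment `/* Make sure we don't attempt to chroot again */` does not mention it. A file-scope flag such as `static int in_chroot;`, set right after `safely_chroot()` and tested as `!in_chroot &&` in both chroot conditions, would leave the configuration intact. At minimum the comment should name the fatal() path it protects. The condition of the privileged branch and the rest of do_setusercontext() lie outside the hunks, so whether other code reads the option afterwards is not visible here.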