From 998cc56b65682d490c9bbf5977dceb1aa84a0233 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 23 Apr 2013 15:16:43 +1000 Subject: - djm@cvs.openbsd.org 2013/03/06 23:35:23 [session.c] fatal() when ChrootDirectory specified by running without root privileges; ok markus@ --- ChangeLog | 4 ++++ session.c | 6 ++++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 3f80a25c1..dbe5d8eae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ - markus@cvs.openbsd.org 2013/03/05 20:16:09 [sshconnect2.c] reset pubkey order on partial success; ok djm@ + - djm@cvs.openbsd.org 2013/03/06 23:35:23 + [session.c] + fatal() when ChrootDirectory specified by running without root privileges; + ok markus@ 20130418 - (djm) [config.guess config.sub] Update to last versions before they switch diff --git a/session.c b/session.c index 19eaa20c3..3064ea227 100644 --- a/session.c +++ b/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */ +/* $OpenBSD: session.c,v 1.262 2013/03/06 23:35:23 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland * All rights reserved @@ -1529,7 +1529,9 @@ do_setusercontext(struct passwd *pw) /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif - } + } else if (options.chroot_directory != NULL && + strcasecmp(options.chroot_directory, "none") != 0) + fatal("server lacks privileges to chroot to ChrootDirectory"); if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); -- cgit v1.2.3