diff options
author | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2006-08-31 12:55:03 +0000 |
---|---|---|
committer | Marco Pfatschbacher <mpf@cvs.openbsd.org> | 2006-08-31 12:55:03 +0000 |
commit | a008f842c1509b28f93c9d8b6b886e9d87f65ee0 (patch) | |
tree | e10c4b49649acbd7360ff041d85113edcec38bc3 | |
parent | 8f1b5f08005818e9f1f30cec646b83baa2863bab (diff) |
Only chroot the unprivileged part of sasyncd(8).
OK deraadt@ mcbride@ hshoexer@
-rw-r--r-- | usr.sbin/sasyncd/monitor.c | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/usr.sbin/sasyncd/monitor.c b/usr.sbin/sasyncd/monitor.c index e2251c069d1..53f082165a4 100644 --- a/usr.sbin/sasyncd/monitor.c +++ b/usr.sbin/sasyncd/monitor.c @@ -1,4 +1,4 @@ -/* $OpenBSD: monitor.c,v 1.9 2006/06/02 20:31:48 moritz Exp $ */ +/* $OpenBSD: monitor.c,v 1.10 2006/08/31 12:55:02 mpf Exp $ */ /* * Copyright (c) 2005 Håkan Olsson. All rights reserved. @@ -82,11 +82,6 @@ monitor_init(void) signal(SIGHUP, sig_to_child); signal(SIGINT, sig_to_child); - if (chroot(pw->pw_dir) != 0 || chdir("/") != 0) { - log_err("%s: chroot failed", __progname); - exit(1); - } - m_state.pid = fork(); if (m_state.pid == -1) { @@ -97,6 +92,11 @@ monitor_init(void) m_state.s = p[0]; close(p[1]); + if (chroot(pw->pw_dir) != 0 || chdir("/") != 0) { + log_err("%s: chroot failed", __progname); + exit(1); + } + if (setgroups(1, &pw->pw_gid) || setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) || setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) { |