author | Markus Friedl <markus@cvs.openbsd.org> | 2004-11-19 15:37:38 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2004-11-19 15:37:38 +0000 |
commit | ffd6f583e595712e6b925bae9da5e3499465d28f (patch) | |
tree | 7d6dae020819ffe52ced9064ddd96d8a917b0883 | |
parent | 630de13bd1ad27a3337f998f309abeba98ec9219 (diff) |
unbreak -t; ok jakob, henning
-rw-r--r-- | usr.sbin/bind/bin/named/include/named/globals.h | 2 | ||||
-rw-r--r-- | usr.sbin/bind/bin/named/main.c | 2 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isc/unix/include/isc/privsep.h | 2 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isc/unix/privsep.c | 6 |
4 files changed, 6 insertions, 6 deletions
diff --git a/usr.sbin/bind/bin/named/include/named/globals.h b/usr.sbin/bind/bin/named/include/named/globals.h
index 157f0e44bc2..8dd57568461 100644
--- a/usr.sbin/bind/bin/named/include/named/globals.h
+++ b/usr.sbin/bind/bin/named/include/named/globals.h
@@ -100,7 +100,7 @@ EXTERN isc_resourcevalue_t ns_g_initopenfiles INIT(0);
 * Misc.
 */
 EXTERN isc_boolean_t ns_g_coreok INIT(ISC_TRUE);
-EXTERN const char * ns_g_chrootdir INIT("/var/named");
+EXTERN const char * ns_g_chrootdir INIT(NULL);
 EXTERN isc_boolean_t ns_g_foreground INIT(ISC_FALSE);
 EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE);
diff --git a/usr.sbin/bind/bin/named/main.c b/usr.sbin/bind/bin/named/main.c
index 10a7a1e2ddc..81ba46a1f7f 100644
--- a/usr.sbin/bind/bin/named/main.c
+++ b/usr.sbin/bind/bin/named/main.c
@@ -617,7 +617,7 @@ setup(void) {
 * Privilege separation
 */
 isc_priv_init(ns_g_logstderr);
- isc_drop_privs(ns_g_username);
+ isc_drop_privs(ns_g_username, ns_g_chrootdir);
 isc_socket_privsep(1);
 /* process is now unprivileged and inside a chroot */
diff --git a/usr.sbin/bind/lib/isc/unix/include/isc/privsep.h b/usr.sbin/bind/lib/isc/unix/include/isc/privsep.h
index 5da4e2a6ed3..90f3a5dec2a 100644
--- a/usr.sbin/bind/lib/isc/unix/include/isc/privsep.h
+++ b/usr.sbin/bind/lib/isc/unix/include/isc/privsep.h
@@ -23,7 +23,7 @@ enum cmd_types {
 /* Privilege separation */
 int isc_priv_init(int);
-int isc_drop_privs(const char *username);
+int isc_drop_privs(const char *username, const char *dir);
 struct sockaddr;
 int isc_priv_bind(int, struct sockaddr *, socklen_t);
diff --git a/usr.sbin/bind/lib/isc/unix/privsep.c b/usr.sbin/bind/lib/isc/unix/privsep.c
index 0f5892f742e..8b76b4bd24f 100644
--- a/usr.sbin/bind/lib/isc/unix/privsep.c
+++ b/usr.sbin/bind/lib/isc/unix/privsep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.4 2004/09/28 17:14:07 jakob Exp $ */
+/* $OpenBSD: privsep.c,v 1.5 2004/11/19 15:37:37 markus Exp $ */
 /*
 * Copyright (c) 2004 Henning Brauer <henning@openbsd.org>
@@ -122,7 +122,7 @@ isc_priv_init(int lstderr)
 }
 int
-isc_drop_privs(const char *username)
+isc_drop_privs(const char *username, const char *dir)
 {
 struct passwd *pw;
@@ -131,7 +131,7 @@ isc_drop_privs(const char *username)
 exit(1);
 }
- if (chroot(pw->pw_dir) == -1)
+ if (chroot(dir ? dir : pw->pw_dir) == -1)
 fatal("chroot failed");
 if (chdir("/")) |
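Review bot: The new `INIT(NULL)` default for `ns_g_chrootdir` in globals.h has no comment saying what NULL means; the meaning is only discoverable in privsep.c, where `isc_drop_privs()` falls back to `pw->pw_dir`. A comment beside the declaration such as `/* NULL: isc_drop_privs() chroots to the home directory of ns_g_username */` would record that. The prototype in privsep.h needs the same contract, e.g. `/* dir == NULL selects the user's pw_dir as the chroot */`. Other readers of `ns_g_chrootdir` that relied on the old non-NULL default are not visible in this diff and are worth a grep.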
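Review bot: The call `isc_drop_privs(ns_g_username, ns_g_chrootdir);` in setup() in main.c discards the int that privsep.h declares as its result, while the comment two lines below states that the process is now unprivileged and inside a chroot. The failure paths visible in privsep.c end in `exit(1)` or `fatal()`, but the rest of that function is outside this diff. Either check the result, `if (isc_drop_privs(ns_g_username, ns_g_chrootdir) != 0) ns_main_earlyfatal("privilege drop failed");`, or cast to `(void)` with a comment that the function does not return on failure. The 0-on-success convention is assumed here and should be confirmed. setup() starts and ends outside the hunk.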
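Review bot: The chroot target in `isc_drop_privs()` (last hunk of privsep.c) can now be a caller-supplied `dir`, and nothing in the visible lines checks that directory before `chroot()`. A jail root that is owned or writable by the account the process drops to gives weaker containment, so a `stat()` check for root ownership and no group/other write bits before the call would be a reasonable guard. Whether that policy fits existing installations is a judgement for the maintainers. Selecting the path once into a local also keeps the check and the `chroot()` on the same string. The function body starts and ends outside the hunk.

```c
	struct stat st;
	const char *root;

	/* … unchanged: pw lookup and its exit(1) on failure … */
	root = dir ? dir : pw->pw_dir;
	if (stat(root, &st) == -1 || st.st_uid != 0 ||
	    (st.st_mode & (S_IWGRP | S_IWOTH)) != 0)
		fatal("chroot directory must be root-owned and not group/world writable");
	if (chroot(root) == -1)
		fatal("chroot failed");
```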