author | Damien Miller <djm@cvs.openbsd.org> | 2013-04-19 01:03:02 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2013-04-19 01:03:02 +0000 |
commit | 697840420b88c4555866280c123a7b6770447e97 (patch) | |
tree | 843c0d76150b71cafcb28761bc696ae4aba11a48 /usr.bin/ssh | |
parent | fc3ff7747cb6a1e32f7de2f08e044809d0515c33 (diff) |
reintroduce 1.262 without the connection-killing bug:
fatal() when ChrootDirectory specified but running without root privileges;
ok markus@
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/session.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c
index 8052f8e58d9..04f8e0ebe1e 100644
--- a/usr.bin/ssh/session.c
+++ b/usr.bin/ssh/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.263 2013/04/17 09:04:09 dtucker Exp $ */
+/* $OpenBSD: session.c,v 1.264 2013/04/19 01:03:01 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -1209,6 +1209,9 @@ do_setusercontext(struct passwd *pw)
 safely_chroot(chroot_path, pw->pw_uid);
 free(tmp);
 free(chroot_path);
+ /* Make sure we don't attempt to chroot again */
+ free(options.chroot_directory);
+ options.chroot_directory = NULL;
 }
 /* Set UID */
@@ -1216,7 +1219,11 @@ do_setusercontext(struct passwd *pw)
 perror("unable to set user context (setuser)");
 exit(1);
 }
+ } else if (options.chroot_directory != NULL &&
+ strcasecmp(options.chroot_directory, "none") != 0) {
+ fatal("server lacks privileges to chroot to ChrootDirectory");
 }
+
 if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
 }
|
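Review bot: The comment added in the -1209 hunk understates what the reset of `options.chroot_directory` is for. Besides preventing a second chroot, clearing the pointer appears to be what keeps the `else if` added in the next hunk from calling fatal() if do_setusercontext() is reached again after privileges have been dropped, which is presumably the connection-killing bug the commit message refers to. I would say so in the comment, e.g. `/* Clear so a later unprivileged call neither re-chroots nor trips the fatal() below */`. Since this mutates the global `options`, it is worth confirming that nothing outside this hunk reads `chroot_directory` after this point and expects the configured value. The enclosing function starts and ends outside the hunk.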
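Review bot: The fatal() message added in the `else if` branch of the -1216 hunk names neither the account nor the configured directory, so the log entry does not show which session tripped the check. Something like `fatal("server lacks privileges to chroot to ChrootDirectory \"%s\" for user %s", options.chroot_directory, pw->pw_name);` would make it actionable. A one-line comment above the branch, e.g. `/* Fail closed: never run a session outside a configured chroot */`, would also record why this is fatal rather than a warning. The `"none"` comparison presumably mirrors the test guarding the chroot in the privileged branch, which lies outside the hunk, so the two conditions should be kept in step.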