summaryrefslogtreecommitdiff
path: root/usr.bin
diff options
context:
space:
mode:
authorMarkus Friedl <markus@cvs.openbsd.org>2002-05-29 11:21:58 +0000
committerMarkus Friedl <markus@cvs.openbsd.org>2002-05-29 11:21:58 +0000
commitaafb79f0f9e8b8e613ffe7e8ea9593ef282e0f1b (patch)
tree4a0944930344ea3ab2560d5f7f6f56f65595b8bd /usr.bin
parentcb9cc91b54ebf2d36a1bf964de83c98ce8243748 (diff)
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/ssh/sshd.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 5afafec952a..42f2422aa7b 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.243 2002/05/22 23:18:25 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.244 2002/05/29 11:21:57 markus Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -972,6 +972,19 @@ main(int ac, char **av)
}
}
+ if (use_privsep) {
+ struct passwd *pw;
+ struct stat st;
+
+ if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
+ if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
+ (S_ISDIR(st.st_mode) == 0))
+ fatal("Missing privilege separation directory: %s",
+ _PATH_PRIVSEP_CHROOT_DIR);
+ }
+
/* Configuration looks good, so exit if in test mode. */
if (test_flag)
exit(0);