author | Markus Friedl <markus@cvs.openbsd.org> | 2002-05-29 11:21:58 +0000 |
---|---|---|
committer | Markus Friedl <markus@cvs.openbsd.org> | 2002-05-29 11:21:58 +0000 |
commit | aafb79f0f9e8b8e613ffe7e8ea9593ef282e0f1b (patch) | |
tree | 4a0944930344ea3ab2560d5f7f6f56f65595b8bd /usr.bin | |
parent | cb9cc91b54ebf2d36a1bf964de83c98ce8243748 (diff) |
don't start if privsep is enabled and SSH_PRIVSEP_USER or
_PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/ssh/sshd.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/usr.bin/ssh/sshd.c b/usr.bin/ssh/sshd.c
index 5afafec952a..42f2422aa7b 100644
--- a/usr.bin/ssh/sshd.c
+++ b/usr.bin/ssh/sshd.c
@@ -42,7 +42,7 @@
 */
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.243 2002/05/22 23:18:25 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.244 2002/05/29 11:21:57 markus Exp $");
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -972,6 +972,19 @@ main(int ac, char **av)
 }
 }
+ if (use_privsep) {
+ struct passwd *pw;
+ struct stat st;
+
+ if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
+ fatal("Privilege separation user %s does not exist",
+ SSH_PRIVSEP_USER);
+ if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
+ (S_ISDIR(st.st_mode) == 0))
+ fatal("Missing privilege separation directory: %s",
+ _PATH_PRIVSEP_CHROOT_DIR);
+ }
+
 /* Configuration looks good, so exit if in test mode. */
 if (test_flag)
 exit(0); |
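Review bot: The new startup check in the second hunk accepts any directory at `_PATH_PRIVSEP_CHROOT_DIR`, because it only tests `S_ISDIR(st.st_mode)`. sshd would therefore still start when the chroot directory is owned by a non-root account or is group/world-writable, which weakens the isolation that privilege separation is meant to provide. I would extend the test with `if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) fatal("%s must be owned by root and not group or world-writable.", _PATH_PRIVSEP_CHROOT_DIR);`. The `stat()` failure path also reports every error as "Missing", so including `strerror(errno)` in that message would help an operator tell an absent directory from an unreadable parent. main() begins and ends outside this hunk, so whether a later step re-validates the directory is not visible here.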