diff options
| author | Damien Miller <djm@mindrot.org> | 2013-04-23 15:24:18 +1000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2013-04-23 15:24:18 +1000 |
| commit | a56086b9903b62c1c4fdedf01b68338fe4dc90e4 (patch) | |
| tree | 768e1aceeca703ff5d965f41c18b653062319301 /session.c | |
| parent | 0d6771b4648889ae5bc4235f9e3fc6cd82b710bd (diff) | |
| download | openssh-git-a56086b9903b62c1c4fdedf01b68338fe4dc90e4.tar.gz | |
- djm@cvs.openbsd.org 2013/04/19 01:03:01
[session.c]
reintroduce 1.262 without the connection-killing bug:
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
Diffstat (limited to 'session.c')
| -rw-r--r-- | session.c | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.263 2013/04/17 09:04:09 dtucker Exp $ */ +/* $OpenBSD: session.c,v 1.264 2013/04/19 01:03:01 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1513,6 +1513,9 @@ do_setusercontext(struct passwd *pw) safely_chroot(chroot_path, pw->pw_uid); free(tmp); free(chroot_path); + /* Make sure we don't attempt to chroot again */ + free(options.chroot_directory); + options.chroot_directory = NULL; } #ifdef HAVE_LOGIN_CAP @@ -1529,6 +1532,9 @@ do_setusercontext(struct passwd *pw) /* Permanently switch to the desired uid. */ permanently_set_uid(pw); #endif + } else if (options.chroot_directory != NULL && + strcasecmp(options.chroot_directory, "none") != 0) { + fatal("server lacks privileges to chroot to ChrootDirectory"); } if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) |