- stevesk@cvs.openbsd.org 2002/06/22 16:40:19

[sshd.c]
     check /var/empty owner mode; ok provos@

ChangeLog

@@ -15,6 +15,9 @@
    - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
      [sshd.8]
      add /var/empty in FILES section
+   - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
+     [sshd.c]
+     check /var/empty owner mode; ok provos@
 
 20020622
  - (djm) Update README.privsep; spotted by fries@
@@ -1024,4 +1027,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2248 2002/06/23 00:32:57 mouring Exp $
+$Id: ChangeLog,v 1.2249 2002/06/23 00:33:47 mouring Exp $

sshd.c

@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.247 2002/06/22 16:40:19 stevesk Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1012,6 +1012,9 @@ main(int ac, char **av)
 		    (S_ISDIR(st.st_mode) == 0))
 			fatal("Missing privilege separation directory: %s",
 			    _PATH_PRIVSEP_CHROOT_DIR);
+		if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+			fatal("Bad owner or mode for %s",
+			    _PATH_PRIVSEP_CHROOT_DIR);
 	}
 
 	/* Configuration looks good, so exit if in test mode. */