From 2dfacb3d401c0b15140e23710eead071bd60f82e Mon Sep 17 00:00:00 2001
From: Ben Lindstrom
Date: Sun, 23 Jun 2002 00:33:47 +0000
Subject: [PATCH] - stevesk@cvs.openbsd.org 2002/06/22 16:40:19 [sshd.c] check /var/empty owner mode; ok provos@
---
 ChangeLog | 5 ++++-
 sshd.c | 5 ++++-
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index ec7a5e0aa..e89683a86 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@
 - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
 [sshd.8]
 add /var/empty in FILES section
+ - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
+ [sshd.c]
+ check /var/empty owner mode; ok provos@

 20020622
 - (djm) Update README.privsep; spotted by fries@
@@ -1024,4 +1027,4 @@
 - (stevesk) entropy.c: typo in debug message
 - (djm) ssh-keygen -i needs seeded RNG; report from markus@

-$Id: ChangeLog,v 1.2248 2002/06/23 00:32:57 mouring Exp $
+$Id: ChangeLog,v 1.2249 2002/06/23 00:33:47 mouring Exp $
diff --git a/sshd.c b/sshd.c
index feea3ce2c..d60b13d66 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
 */

 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.247 2002/06/22 16:40:19 stevesk Exp $");

 #include
 #include
@@ -1012,6 +1012,9 @@ main(int ac, char **av)
 (S_ISDIR(st.st_mode) == 0))
 fatal("Missing privilege separation directory: %s",
 _PATH_PRIVSEP_CHROOT_DIR);
+ if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+ fatal("Bad owner or mode for %s",
+ _PATH_PRIVSEP_CHROOT_DIR);
 }

 /* Configuration looks good, so exit if in test mode. */
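Review bot: The new `fatal("Bad owner or mode for %s", ...)` in the second sshd.c hunk (in main()) does not tell the administrator what is actually required, even though the test just above it is precise; the message could state the rule directly, e.g. `fatal("%s must be owned by root and not group or world-writable.", _PATH_PRIVSEP_CHROOT_DIR);`. The test also inspects only the directory itself, so a parent directory that a non-root user can write to would still pass; if that matters for the chroot, it presumably needs a separate check or a note in README.privsep. A one-line comment such as `/* chroot dir must be root-owned and not writable by group/other */` above the new `if` would record the intent. The stat() call and the enclosing block begin outside this hunk, so whether the check runs only when privilege separation is enabled cannot be confirmed from here.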