- djm@cvs.openbsd.org 2013/03/06 23:35:23

[session.c] fatal() when ChrootDirectory specified by running without root privileges; ok markus@
2025-07-29 16:54:51 +02:00 · 2013-04-23 15:16:43 +10:00 · 2013-04-23 15:16:43 +10:00 · 998cc56b65
commit 998cc56b65
parent 62e9c4f9b6
2 changed files with 8 additions and 2 deletions
--- a/4
+++ b/4
@ -6,6 +6,10 @@
   - markus@cvs.openbsd.org 2013/03/05 20:16:09
     [sshconnect2.c]
     reset pubkey order on partial success; ok djm@
+   - djm@cvs.openbsd.org 2013/03/06 23:35:23
+     [session.c]
+     fatal() when ChrootDirectory specified by running without root privileges;
+     ok markus@

 20130418
 - (djm) [config.guess config.sub] Update to last versions before they switch
--- a/session.c
+++ b/session.c
@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.262 2013/03/06 23:35:23 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 *                    All rights reserved
@ -1529,7 +1529,9 @@ do_setusercontext(struct passwd *pw)
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);
 #endif
-	}
+	} else if (options.chroot_directory != NULL &&
+	    strcasecmp(options.chroot_directory, "none") != 0)
+		fatal("server lacks privileges to chroot to ChrootDirectory");

 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);