The chroot fix in 4.2 had a bug that made it refuse to chroot even though the
directory permissions were OK. This bug was also present in the
previously attached patch. Attached is a fixed version.
cheers,
Max
diff -ur scponly-4.0/scponly.c scponly-4.0-chrootfix/scponly.c
--- scponly-4.0/scponly.c 2005-12-22 17:13:12.000000000 +0100
+++ scponly-4.0-chrootfix/scponly.c 2006-01-02 14:47:37.000000000 +0100
@@ -9,7 +9,8 @@
#include <stdio.h> // io
#include <string.h> // for str*
-#include <sys/types.h> // for fork, wait
+#include <sys/types.h> // for fork, wait, stat
+#include <sys/stat.h> // for stat
#include <sys/wait.h> // for wait
#include <unistd.h> // for exit, fork
#include <stdlib.h> // EXIT_*
@@ -98,6 +99,7 @@
{
FILE *debugfile;
int logopts = LOG_PID|LOG_NDELAY;
+ struct stat homedirstat;
/*
* set debuglevel. any nonzero number will result in debugging info to
log
@@ -194,6 +196,32 @@
}
root_dir++;
}
+ if (-1 == stat(chrootdir, &homedirstat))
+ {
+ syslog (LOG_ERR, "couldnt stat chroot dir: %s with
errno %u", chrootdir, errno);
+ exit(EXIT_FAILURE);
+ }
+ if (0 == (homedirstat.st_mode | S_IFDIR))
+ {
+ syslog (LOG_ERR, "chroot dir is not a directory: %s",
chrootdir);
+ exit(EXIT_FAILURE);
+ }
+ if (homedirstat.st_uid != 0)
+ {
+ syslog (LOG_ERR, "chroot dir not owned by root: %s",
chrootdir);
+ exit(EXIT_FAILURE);
+ }
+ if (0 != (homedirstat.st_mode & S_IWOTH))
+ {
+ syslog (LOG_ERR, "chroot dir writable by other: %s",
chrootdir);
+ exit(EXIT_FAILURE);
+ }
+ if (0 != (homedirstat.st_mode & S_IWGRP))
+ {
+ syslog (LOG_ERR, "chroot dir writable by group: %s",
chrootdir);
+ exit(EXIT_FAILURE);
+ }
+
if (debuglevel)
syslog (LOG_DEBUG, "chrooting to dir: \"%s\"",
chrootdir);
if (-1==(chroot(chrootdir)))
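Review bot: The directory test `if (0 == (homedirstat.st_mode | S_IFDIR))` can never fail: OR-ing S_IFDIR into st_mode yields a nonzero value for every file type, so a non-directory chroot target passes straight through to the ownership and permission checks. Use the mode macro instead: `if (!S_ISDIR(homedirstat.st_mode))`. The stat() also runs on the pathname before chroot() does, so the object that was checked and the one chroot() enters are only the same if the path is not changed in between; opening the directory, fstat()ing the descriptor, then fchdir() and chroot(".") ties all the checks to a single object. errno is an int, so `%u` in the first syslog call should be `%d`. The enclosing function begins outside the hunk.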