The chroot-fix in 4.2 had a bug that refused to chroot although directory permissions were OK. This bug was also present in the previously attached patch. Attached is a fixed version.
cheers, Max
diff -ur scponly-4.0/scponly.c scponly-4.0-chrootfix/scponly.c
--- scponly-4.0/scponly.c 2005-12-22 17:13:12.000000000 +0100
+++ scponly-4.0-chrootfix/scponly.c 2006-01-02 14:47:37.000000000 +0100
@@ -9,7 +9,8 @@
 #include <stdio.h> // io
 #include <string.h> // for str*
-#include <sys/types.h> // for fork, wait
+#include <sys/types.h> // for fork, wait, stat
+#include <sys/stat.h> // for stat
 #include <sys/wait.h> // for wait
 #include <unistd.h> // for exit, fork
 #include <stdlib.h> // EXIT_*
@@ -98,6 +99,7 @@
 {
 FILE *debugfile;
 int logopts = LOG_PID|LOG_NDELAY;
+ struct stat homedirstat;
 /*
 * set debuglevel. any nonzero number will result in debugging info to log
@@ -194,6 +196,32 @@
 }
 root_dir++;
 }
+ if (-1 == stat(chrootdir, &homedirstat))
+ {
+ syslog (LOG_ERR, "couldnt stat chroot dir: %s with errno %u", chrootdir, errno);
+ exit(EXIT_FAILURE);
+ }
+ if (0 == (homedirstat.st_mode | S_IFDIR))
+ {
+ syslog (LOG_ERR, "chroot dir is not a directory: %s", chrootdir);
+ exit(EXIT_FAILURE);
+ }
+ if (homedirstat.st_uid != 0)
+ {
+ syslog (LOG_ERR, "chroot dir not owned by root: %s", chrootdir);
+ exit(EXIT_FAILURE);
+ }
+ if (0 != (homedirstat.st_mode & S_IWOTH))
+ {
+ syslog (LOG_ERR, "chroot dir writable by other: %s", chrootdir);
+ exit(EXIT_FAILURE);
+ }
+ if (0 != (homedirstat.st_mode & S_IWGRP))
+ {
+ syslog (LOG_ERR, "chroot dir writable by group: %s", chrootdir);
+ exit(EXIT_FAILURE);
+ }
+ if (debuglevel) syslog (LOG_DEBUG, "chrooting to dir: \"%s\"", chrootdir);
 if (-1==(chroot(chrootdir)))
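Review bot: The directory test in the third hunk, `if (0 == (homedirstat.st_mode | S_IFDIR))`, can never be true because OR-ing the nonzero S_IFDIR bits into st_mode always yields a nonzero value, so a chrootdir that is not a directory passes this check and only the later ownership and mode checks stand between it and chroot(); the line should read `if (!S_ISDIR(homedirstat.st_mode))`. The checks are also made on the path while chroot(2) resolves the same path a second time, so if any component of chrootdir is under the user's control the target can be changed between stat() and chroot(); opening the directory, validating the descriptor with fstat(), then fchdir() and chroot(".") ties the check to the directory actually entered. `errno` is an int, so the `%u` in the stat failure message should be `%d`, or the message should use strerror(errno). The trailing context of this hunk is cut off at the end of the page.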