OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /e/openpkg/cvs Email: [EMAIL PROTECTED]
Module: openpkg-src Date: 23-Dec-2003 22:14:54
Branch: HEAD Handle: 2003122321145400
Modified files:
openpkg-src/openssh openssh.patch
Log:
also drop privileges because chroot requires setuid root
Summary:
Revision Changes Path
1.7 +29 -20 openpkg-src/openssh/openssh.patch
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.patch
============================================================================
$ cvs diff -u -r1.6 -r1.7 openssh.patch
--- openpkg-src/openssh/openssh.patch 23 Dec 2003 20:48:40 -0000 1.6
+++ openpkg-src/openssh/openssh.patch 23 Dec 2003 21:14:54 -0000 1.7
@@ -38,31 +38,40 @@
* PAM credentials may take the form of supplementary groups.
Index: sftp-server.c
--- sftp-server.c.orig 2003-08-22 01:34:41.000000000 +0200
-+++ sftp-server.c 2003-12-23 21:42:19.000000000 +0100
-@@ -1037,6 +1037,29 @@
++++ sftp-server.c 2003-12-23 22:02:33.000000000 +0100
+@@ -1037,6 +1037,38 @@
log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
#endif
+#ifdef USE_CHROOT
+{
-+ char *user_dir;
-+ char *new_root;
-+ user_dir = getenv("HOME");
-+ if (user_dir == NULL)
-+ fatal("HOME variable not found in environment");
-+ new_root = user_dir + 1;
-+ while ((new_root = strchr(new_root, '.')) != NULL) {
-+ new_root--;
-+ if (strncmp(new_root, "/./", 3) == 0) {
-+ *new_root = '\0';
-+ new_root += 2;
-+ if (chroot(user_dir) == -1)
-+ fatal("Couldn't chroot to user directory \"%s\"",
user_dir);
-+ setenv("HOME", new_root, 1);
-+ break;
-+ }
-+ new_root += 2;
-+ }
++ char *user_dir;
++ char *new_root;
++ user_dir = getenv("HOME");
++ if (user_dir == NULL)
++ fatal("HOME variable not found in environment");
++ new_root = user_dir + 1;
++ while ((new_root = strchr(new_root, '.')) != NULL) {
++ new_root--;
++ if (strncmp(new_root, "/./", 3) == 0) {
++ *new_root = '\0';
++ new_root += 2;
++ if (geteuid() == 0) {
++ /* chroot to subdir and adjust HOME for remaining path
*/
++ if (chroot(user_dir) == -1)
++ fatal("Couldn't chroot to user directory
\"%s\": %s", user_dir, strerror(errno));
++ if (setuid(getuid()) == -1)
++ fatal("Couldn't drop privileges: %s",
strerror(errno));
++ setenv("HOME", new_root, 1);
++ }
++ else {
++ /* ignore chroot request and adjust HOME for
preceeding path */
++ setenv("HOME", user_dir, 1);
++ }
++ break;
++ }
++ new_root += 2;
++ }
+}
+#endif /* USE_CHROOT */
+
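Review bot: In the `geteuid() == 0` branch, `chroot(user_dir)` is not followed by a `chdir`, so the working directory still refers to a location outside the new root and relative paths keep resolving there. Add `if (chdir("/") == -1) fatal("Couldn't chdir to new root: %s", strerror(errno));` between the chroot and the `setuid(getuid())` call. The chroot target also comes from `getenv("HOME")`, which the invoking user controls if the binary is installed setuid root as the log message implies; deriving it from the passwd entry for `getuid()` would be a more trustworthy source, though how sshd sets HOME should be confirmed first. The `setenv` return values are ignored in both branches and should be checked, since a failure leaves HOME pointing at the pre-chroot path. The enclosing function in sftp-server.c starts and ends outside this hunk.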
@@ .