- djm@cvs.openbsd.org 2013/03/06 23:35:23

[session.c] fatal() when ChrootDirectory specified by running without root privileges; ok markus@
author: Damien Miller <djm@mindrot.org> 2013-04-23 07:16:43 +0200
committer: Damien Miller <djm@mindrot.org> 2013-04-23 07:16:43 +0200
commit: 998cc56b65682d490c9bbf5977dceb1aa84a0233 (patch)
tree: eb582c3a35110e875bcb68688556d2e67babf559 /session.c
parent: - (djm) OpenBSD CVS Sync (diff)
download: openssh-998cc56b65682d490c9bbf5977dceb1aa84a0233.tar.xz
openssh-998cc56b65682d490c9bbf5977dceb1aa84a0233.zip
1 files changed, 4 insertions, 2 deletions
diff --git a/session.c b/session.c
index 19eaa20c3..3064ea227 100644
--- a/session.c
+++ b/session.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.262 2013/03/06 23:35:23 djm Exp $ */
 /*
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
  *                    All rights reserved
@@ -1529,7 +1529,9 @@ do_setusercontext(struct passwd *pw)
 		/* Permanently switch to the desired uid. */
 		permanently_set_uid(pw);
 #endif
-	}
+	} else if (options.chroot_directory != NULL &&
+	    strcasecmp(options.chroot_directory, "none") != 0)
+		fatal("server lacks privileges to chroot to ChrootDirectory");
 
 	if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
 		fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
author	Damien Miller <djm@mindrot.org>	2013-04-23 07:16:43 +0200
committer	Damien Miller <djm@mindrot.org>	2013-04-23 07:16:43 +0200
commit	998cc56b65682d490c9bbf5977dceb1aa84a0233 (patch)
tree	eb582c3a35110e875bcb68688556d2e67babf559 /session.c
parent	- (djm) OpenBSD CVS Sync (diff)
download	openssh-998cc56b65682d490c9bbf5977dceb1aa84a0233.tar.xz openssh-998cc56b65682d490c9bbf5977dceb1aa84a0233.zip