authormarkus <markus@openbsd.org>2004-11-19 15:37:36 +0000
committermarkus <markus@openbsd.org>2004-11-19 15:37:36 +0000
commit52e0a6e78c0667ffbb5f270ae97c70f3ba55b7bf (patch)
tree1f1c14acb0fae69a6ca2bdf3edb2dc47c6c35fa4
parentRename struct as_filter to struct filter_as. (diff)
unbreak -t; ok jakob, henning
-rw-r--r--usr.sbin/bind/bin/named/include/named/globals.h2
-rw-r--r--usr.sbin/bind/bin/named/main.c2
-rw-r--r--usr.sbin/bind/lib/isc/unix/include/isc/privsep.h2
-rw-r--r--usr.sbin/bind/lib/isc/unix/privsep.c6
4 files changed, 6 insertions, 6 deletions
diff --git a/usr.sbin/bind/bin/named/include/named/globals.h b/usr.sbin/bind/bin/named/include/named/globals.h
index 157f0e44bc2..8dd57568461 100644
--- a/usr.sbin/bind/bin/named/include/named/globals.h
+++ b/usr.sbin/bind/bin/named/include/named/globals.h
@@ -100,7 +100,7 @@ EXTERN isc_resourcevalue_t ns_g_initopenfiles INIT(0);
* Misc.
*/
EXTERN isc_boolean_t ns_g_coreok INIT(ISC_TRUE);
-EXTERN const char * ns_g_chrootdir INIT("/var/named");
+EXTERN const char * ns_g_chrootdir INIT(NULL);
EXTERN isc_boolean_t ns_g_foreground INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE);
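Review bot: The new `INIT(NULL)` default on `ns_g_chrootdir` turns the variable from "always a path" into "may be unset", and nothing at the declaration records that. The fallback now lives in `isc_drop_privs()`, which per the privsep.c hunk on this page chroots to `pw->pw_dir` when it is handed NULL. I would add a comment above the declaration such as `/* NULL unless -t was given; isc_drop_privs() then uses the user's pw_dir */`. Any other reader of `ns_g_chrootdir` that formats or dereferences it without a NULL check (none is visible here) should be checked against the new default.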
diff --git a/usr.sbin/bind/bin/named/main.c b/usr.sbin/bind/bin/named/main.c
index 10a7a1e2ddc..81ba46a1f7f 100644
--- a/usr.sbin/bind/bin/named/main.c
+++ b/usr.sbin/bind/bin/named/main.c
@@ -617,7 +617,7 @@ setup(void) {
* Privilege separation
*/
isc_priv_init(ns_g_logstderr);
- isc_drop_privs(ns_g_username);
+ isc_drop_privs(ns_g_username, ns_g_chrootdir);
isc_socket_privsep(1);
/* process is now unprivileged and inside a chroot */
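Review bot: The return value of `isc_drop_privs()` is discarded at the changed call, yet the comment two lines below asserts that the process is now unprivileged and inside a chroot. privsep.h declares the function as returning `int`. The privsep.c hunks on this page show failures ending in `exit(1)` or `fatal()`, so it may never return on error, but not every path is visible. Either check it, `if (isc_drop_privs(ns_g_username, ns_g_chrootdir) != 0) ns_main_earlyfatal("isc_drop_privs failed");`, or cast the call to `(void)` with a comment saying that failure is fatal inside the callee. setup() starts and ends outside this hunk.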
diff --git a/usr.sbin/bind/lib/isc/unix/include/isc/privsep.h b/usr.sbin/bind/lib/isc/unix/include/isc/privsep.h
index 5da4e2a6ed3..90f3a5dec2a 100644
--- a/usr.sbin/bind/lib/isc/unix/include/isc/privsep.h
+++ b/usr.sbin/bind/lib/isc/unix/include/isc/privsep.h
@@ -23,7 +23,7 @@ enum cmd_types {
/* Privilege separation */
int isc_priv_init(int);
-int isc_drop_privs(const char *username);
+int isc_drop_privs(const char *username, const char *dir);
struct sockaddr;
int isc_priv_bind(int, struct sockaddr *, socklen_t);
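Review bot: The widened prototype `isc_drop_privs(const char *username, const char *dir)` gives callers no contract for `dir`, although NULL is now a meaningful value. The privsep.c change on this page selects `pw->pw_dir` when `dir` is NULL. I would document that above the declaration, for example `/* dir: chroot target, or NULL to chroot to username's home directory */`. It would also help to state that the directory is expected to be one the unprivileged user cannot write to, since the function no longer derives it solely from the passwd entry.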
diff --git a/usr.sbin/bind/lib/isc/unix/privsep.c b/usr.sbin/bind/lib/isc/unix/privsep.c
index 0f5892f742e..8b76b4bd24f 100644
--- a/usr.sbin/bind/lib/isc/unix/privsep.c
+++ b/usr.sbin/bind/lib/isc/unix/privsep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.4 2004/09/28 17:14:07 jakob Exp $ */
+/* $OpenBSD: privsep.c,v 1.5 2004/11/19 15:37:37 markus Exp $ */
/*
* Copyright (c) 2004 Henning Brauer <henning@openbsd.org>
@@ -122,7 +122,7 @@ isc_priv_init(int lstderr)
}
int
-isc_drop_privs(const char *username)
+isc_drop_privs(const char *username, const char *dir)
{
struct passwd *pw;
@@ -131,7 +131,7 @@ isc_drop_privs(const char *username)
exit(1);
}
- if (chroot(pw->pw_dir) == -1)
+ if (chroot(dir ? dir : pw->pw_dir) == -1)
fatal("chroot failed");
if (chdir("/"))