diff options
| author |   djm <djm@openbsd.org> | 2013-03-06 23:35:23 +0000 |
|---|---|---|
| committer | djm <djm@openbsd.org> | 2013-03-06 23:35:23 +0000 |
| commit | cee0d1bdeda6d2bc2440526fa3f658b3f6ad9f02 (patch) | |
| tree | 65874ec93eafd59696bbe6081e7988be775c56dc | |
| parent | Account for the size of the allocation when defending the pagedaemon reserve. (diff) | |
| download | wireguard-openbsd-cee0d1bdeda6d2bc2440526fa3f658b3f6ad9f02.tar.xz wireguard-openbsd-cee0d1bdeda6d2bc2440526fa3f658b3f6ad9f02.zip | |
fatal() when ChrootDirectory specified by running without root privileges;
ok markus@
| -rw-r--r-- | usr.bin/ssh/session.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/usr.bin/ssh/session.c b/usr.bin/ssh/session.c index 41bcd577bd3..5bc944093b9 100644 --- a/usr.bin/ssh/session.c +++ b/usr.bin/ssh/session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */ +/* $OpenBSD: session.c,v 1.262 2013/03/06 23:35:23 djm Exp $ */ /* * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * All rights reserved @@ -1216,7 +1216,10 @@ do_setusercontext(struct passwd *pw) perror("unable to set user context (setuser)"); exit(1); } - } + } else if (options.chroot_directory != NULL && + strcasecmp(options.chroot_directory, "none") != 0) + fatal("server lacks privileges to chroot to ChrootDirectory"); + if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); } |