diff options
author | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 02:42:37 +0000 |
---|---|---|
committer | Ben Lindstrom <mouring@eviladmin.org> | 2002-03-22 02:42:37 +0000 |
commit | 7a7edf77ed9e9c982beedb84f2bd384acb7cfcdb (patch) | |
tree | 1f05666fcea178a3034ee7fbb9fd14a830bedcd9 | |
parent | 01426a67c86850a06af757c2661409f87ed05414 (diff) | |
download | openssh-git-7a7edf77ed9e9c982beedb84f2bd384acb7cfcdb.tar.gz |
- stevesk@cvs.openbsd.org 2002/03/19 03:03:43
[pathnames.h servconf.c servconf.h sshd.c]
_PATH_PRIVSEP_CHROOT_DIR; ok provos@
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | pathnames.h | 5 | ||||
-rw-r--r-- | servconf.c | 12 | ||||
-rw-r--r-- | servconf.h | 3 | ||||
-rw-r--r-- | sshd.c | 7 |
5 files changed, 15 insertions, 17 deletions
@@ -75,6 +75,9 @@ [servconf.c] UnprivUser/UnprivGroup usable now--specify numeric user/group; ok provos@ + - stevesk@cvs.openbsd.org 2002/03/19 03:03:43 + [pathnames.h servconf.c servconf.h sshd.c] + _PATH_PRIVSEP_CHROOT_DIR; ok provos@ 20020317 - (tim) [configure.ac] Assume path given with --with-pid-dir=PATH is wanted, @@ -7921,4 +7924,4 @@ - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1 -$Id: ChangeLog,v 1.1946 2002/03/22 02:40:03 mouring Exp $ +$Id: ChangeLog,v 1.1947 2002/03/22 02:42:37 mouring Exp $ diff --git a/pathnames.h b/pathnames.h index 002c313a..943830c0 100644 --- a/pathnames.h +++ b/pathnames.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pathnames.h,v 1.11 2002/02/09 17:37:34 deraadt Exp $ */ +/* $OpenBSD: pathnames.h,v 1.12 2002/03/19 03:03:43 stevesk Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -139,6 +139,9 @@ #ifndef _PATH_SFTP_SERVER #define _PATH_SFTP_SERVER "/usr/libexec/sftp-server" #endif + +/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */ +#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty" #ifndef _PATH_LS #define _PATH_LS "ls" #endif @@ -10,7 +10,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: servconf.c,v 1.103 2002/03/18 23:52:51 stevesk Exp $"); +RCSID("$OpenBSD: servconf.c,v 1.104 2002/03/19 03:03:43 stevesk Exp $"); #if defined(KRB4) || defined(KRB5) #include <krb.h> @@ -115,7 +115,6 @@ initialize_server_options(ServerOptions *options) options->unprivileged_user = -1; options->unprivileged_group = -1; - options->unprivileged_dir = NULL; /* Needs to be accessable in many places */ use_privsep = -1; @@ -252,8 +251,6 @@ fill_default_server_options(ServerOptions *options) options->unprivileged_user = 32767; if (options->unprivileged_group == -1) options->unprivileged_group = 32767; - if (options->unprivileged_dir == NULL) - options->unprivileged_dir = "/var/empty"; } /* Keyword tokens. */ @@ -286,7 +283,7 @@ typedef enum { sBanner, sVerifyReverseMapping, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, - sUsePrivilegeSeparation, sUnprivUser, sUnprivGroup, sUnprivDir, + sUsePrivilegeSeparation, sUnprivUser, sUnprivGroup, sDeprecated } ServerOpCodes; @@ -365,7 +362,6 @@ static struct { { "useprivilegeseparation", sUsePrivilegeSeparation}, { "unprivuser", sUnprivUser}, { "unprivgroup", sUnprivGroup}, - { "unprivdir", sUnprivDir}, { NULL, sBadOption } }; @@ -754,10 +750,6 @@ parse_flag: intptr = &options->unprivileged_group; goto parse_int; - case sUnprivDir: - charptr = &options->unprivileged_dir; - goto parse_filename; - case sAllowUsers: while ((arg = strdelim(&cp)) && *arg != '\0') { if (options->num_allow_users >= MAX_ALLOW_USERS) @@ -1,4 +1,4 @@ -/* $OpenBSD: servconf.h,v 1.55 2002/03/18 17:50:31 provos Exp $ */ +/* $OpenBSD: servconf.h,v 1.56 2002/03/19 03:03:43 stevesk Exp $ */ /* * Author: Tatu Ylonen <ylo@cs.hut.fi> @@ -133,7 +133,6 @@ typedef struct { int unprivileged_user; /* User unprivileged child uses */ int unprivileged_group; /* Group unprivileged child uses */ - char *unprivileged_dir; /* Chroot dir for unprivileged user */ } ServerOptions; void initialize_server_options(ServerOptions *); @@ -42,7 +42,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: sshd.c,v 1.231 2002/03/18 17:50:31 provos Exp $"); +RCSID("$OpenBSD: sshd.c,v 1.232 2002/03/19 03:03:43 stevesk Exp $"); #include <openssl/dh.h> #include <openssl/bn.h> @@ -533,8 +533,9 @@ privsep_preauth_child(void) demote_sensitive_data(); /* Change our root directory*/ - if (chroot(options.unprivileged_dir) == -1) - fatal("chroot(/var/empty)"); + if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) + fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, + strerror(errno)); if (chdir("/") == -1) fatal("chdir(/)"); |