Home Explore Help
Sign In
openpkg
/
openpkg-packages
Watch 2
Star 0
Fork 0
Files Issues 0 Pull Requests 0
Browse Source

also drop priviledges because chroot requires setuid root

Ralf S. Engelschall 22 years ago
parent
2d2a67184f
commit
1014fa3213
1 changed files with 29 additions and 20 deletions
Split View Show Diff Stats
  1. 29 20
      openssh/openssh.patch

+ 29 - 20
openssh/openssh.patch
View File 

@@ -38,31 +38,40 @@ Index: session.c
 
  		 * PAM credentials may take the form of supplementary groups. 
 Index: sftp-server.c
 
 --- sftp-server.c.orig	2003-08-22 01:34:41.000000000 +0200
 
-+++ sftp-server.c	2003-12-23 21:42:19.000000000 +0100
 
-@@ -1037,6 +1037,29 @@
 
++++ sftp-server.c	2003-12-23 22:02:33.000000000 +0100
 
+@@ -1037,6 +1037,38 @@
 
  	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
 
  #endif
 
  
 +#ifdef USE_CHROOT
 
 +{
 
-+       	char *user_dir;
 
-+       	char *new_root;
 
-+       	user_dir = getenv("HOME");
 
-+			if (user_dir == NULL)
 
-+			    fatal("HOME variable not found in environment");
 
-+       	new_root = user_dir + 1;
 
-+       	while ((new_root = strchr(new_root, '.')) != NULL) {
 
-+       	    new_root--;
 
-+       	    if (strncmp(new_root, "/./", 3) == 0) {
 
-+       	        *new_root = '\0';
 
-+       	        new_root += 2;
 
-+       	        if (chroot(user_dir) == -1)
 
-+       	            fatal("Couldn't chroot to user directory \"%s\"", user_dir);
 
-+					setenv("HOME", new_root, 1);
 
-+       	        break;
 
-+       	    }
 
-+       	    new_root += 2;
 
-+       	}
 
++	char *user_dir;
 
++	char *new_root;
 
++	user_dir = getenv("HOME");
 
++	if (user_dir == NULL)
 
++		fatal("HOME variable not found in environment");
 
++	new_root = user_dir + 1;
 
++	while ((new_root = strchr(new_root, '.')) != NULL) {
 
++		new_root--;
 
++		if (strncmp(new_root, "/./", 3) == 0) {
 
++			*new_root = '\0';
 
++			new_root += 2;
 
++			if (geteuid() == 0) {
 
++				/* chroot to subdir and adjust HOME for remaining path */
 
++				if (chroot(user_dir) == -1)
 
++					fatal("Couldn't chroot to user directory \"%s\": %s", user_dir, strerror(errno));
 
++				if (setuid(getuid()) == -1)
 
++					fatal("Couldn't drop privileges: %s", strerror(errno));
 
++				setenv("HOME", new_root, 1);
 
++			}
 
++			else {
 
++				/* ignore chroot request and adjust HOME for preceeding path */
 
++				setenv("HOME", user_dir, 1);
 
++			}
 
++			break;
 
++		}
 
++		new_root += 2;
 
++	}
 
 +}
 
 +#endif /* USE_CHROOT */
 
 +