Updated chroot patch
Bret Mogilefsky
mogul at gelatinous.com
Sun Nov 18 09:00:31 EST 2001
Howdy folks,
The chroot patch in the contrib directory had gotten stale and didn't apply
cleanly, so I've updated it... The attached patch works fine with 3.0p1.
Is there any reason this patch stays in the contrib directory rather than
being applied to the source? I find it incredibly useful.
Thanks for your hard work on OpenSSH!
Bret
PS: Please cc me with any responses as I'm not subscribed to the dev list.
--
Bret Mogilefsky * Mgr. SCEA Developer Support * mogul at gelatinous.com
-------------- next part --------------
--- session.c Sun Sep 16 15:17:15 2001
+++ session.c.patched Sat Oct 6 11:23:19 2001
@@ -92,6 +92,8 @@
# include <uinfo.h>
#endif
+#define CHROOT
+
/* types */
#define TTYSZ 64
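Review bot: The unconditional `#define CHROOT` near the top of session.c makes every `#ifdef CHROOT` guard below always true, so the feature cannot be left out of a build without editing the source. Any account whose passwd home directory contains `/./` then gets chrooted on login, whether or not the administrator intended it. Drop the define and let the build opt in (for example `-DCHROOT` in CFLAGS or a configure switch), and add a comment at the guard such as `/* CHROOT: a "/./" in pw_dir splits it into chroot target and home directory inside it */`.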
@@ -1028,6 +1030,11 @@
extern char **environ;
struct stat st;
char *argv[10];
+#ifdef CHROOT
+ char *user_dir;
+ char *new_root;
+#endif /* CHROOT */
+
int do_xauth;
#ifdef WITH_IRIX_PROJECT
prid_t projid;
@@ -1102,6 +1109,28 @@
if (setlogin(pw->pw_name) < 0)
error("setlogin failed: %s", strerror(errno));
+
+#ifdef CHROOT
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir + 1;
+
+ while((new_root = strchr(new_root, '.')) != NULL) {
+ new_root--;
+ if(strncmp(new_root, "/./", 3) == 0) {
+ *new_root = '\0';
+ new_root += 2;
+
+ if(chroot(user_dir) != 0)
+ fatal("Couldn't chroot to user directory %s", user_dir);
+
+ pw->pw_dir = new_root;
+ break;
+ }
+ new_root += 2;
+ }
+#endif /* CHROOT */
+
+
if (setgid(pw->pw_gid) < 0) {
perror("setgid");
exit(1);
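Review bot: After `chroot(user_dir)` succeeds, the working directory is not moved into the new root, so relative paths keep resolving outside the jail until some later chdir succeeds (that call is not visible in this hunk and may be non-fatal). The call should be `if (chroot(user_dir) != 0 || chdir("/") != 0) fatal("Couldn't chroot to user directory %s: %s", user_dir, strerror(errno));`. Separately, `new_root = user_dir + 1` steps past the terminator when `pw->pw_dir` is an empty string, so `strchr` reads beyond the `xstrdup` allocation; guard the loop with `if (*user_dir != '\0')`. Nothing in the hunk checks that the chroot target is owned by root and not writable by the user, which a jail directory taken from the passwd entry needs before it is a meaningful boundary. The enclosing function starts and ends outside the hunk.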