Updated chroot patch

Bret Mogilefsky mogul at gelatinous.com
Sun Nov 18 09:00:31 EST 2001


Howdy folks,

The chroot patch in the contrib directory had gotten stale and didn't apply
cleanly, so I've updated it... The attached patch works fine with 3.0p1.

Is there any reason this patch stays in the contrib directory rather than
being applied to the source?  I find it incredibly useful.

Thanks for your hard work on OpenSSH!

Bret

PS: Please cc me with any responses as I'm not subscribed to the dev list.
-- 
Bret Mogilefsky * Mgr. SCEA Developer Support * mogul at gelatinous.com
-------------- next part --------------
--- session.c	Sun Sep 16 15:17:15 2001
+++ session.c.patched	Sat Oct  6 11:23:19 2001
@@ -92,6 +92,8 @@
 # include <uinfo.h>
 #endif
 
+#define CHROOT
+
 /* types */
 
 #define TTYSZ 64
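Review bot: The added `#define CHROOT` has no comment explaining what it enables, and it switches the feature on unconditionally for every build that takes the patch. Since the behaviour is triggered purely by the contents of the passwd home-directory field, a short comment would help, e.g. `/* CHROOT: if pw_dir contains "/./", chroot to the part before it and use the part after it as the home directory */`. Wrapping it as `#ifndef CHROOT` / `#define CHROOT` / `#endif` would also let a build override it from the compiler flags.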
@@ -1028,6 +1030,11 @@
 	extern char **environ;
 	struct stat st;
 	char *argv[10];
+#ifdef CHROOT
+	char *user_dir;
+	char *new_root;
+#endif /* CHROOT */
+
 	int do_xauth;
 #ifdef WITH_IRIX_PROJECT
 	prid_t projid;
@@ -1102,6 +1109,28 @@
 
 			if (setlogin(pw->pw_name) < 0)
 				error("setlogin failed: %s", strerror(errno));
+
+#ifdef CHROOT
+			user_dir = xstrdup(pw->pw_dir);
+			new_root = user_dir + 1;  										  
+
+			while((new_root = strchr(new_root, '.')) != NULL) {
+				new_root--;
+				if(strncmp(new_root, "/./", 3) == 0) {
+					*new_root = '\0';
+					new_root += 2;
+
+					if(chroot(user_dir) != 0)
+						fatal("Couldn't chroot to user directory %s", user_dir);
+
+					pw->pw_dir = new_root;
+					break;
+				}
+				new_root += 2;
+			}
+#endif /* CHROOT */			
+
+
 			if (setgid(pw->pw_gid) < 0) {
 				perror("setgid");
 				exit(1);
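Review bot: The `chroot(user_dir)` call is not followed by a `chdir` into the new root, so the working directory still refers to a location outside the jail until some later code changes it; pair the two, e.g. `if (chroot(user_dir) != 0 || chdir("/") != 0) fatal("Couldn't chroot to user directory %s: %s", user_dir, strerror(errno));`. The hunk also does not check that `user_dir` is owned by root and not writable by the user before using it as a root, which is what stops a jailed user from controlling files that privileged code inside the jail will trust. Separately, `new_root = user_dir + 1` points past the terminator when `pw->pw_dir` is an empty string, so the first `strchr` reads out of bounds; guard the loop with `if (user_dir[0] != '\0')`. The enclosing function starts and ends outside the hunk, so whether a later `chdir(pw->pw_dir)` runs, and how its failure is handled, is not visible here.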

