[PATCH] improved chroot handling
Luc I. Suryo
luc at suryo.com
Thu Jun 27 10:03:30 EST 2002
Tony Finch <dot at dotat.at>
wrote at Thu, Jun 27, 2002 at 12:23:14AM +0100:
> On Wed, Jun 26, 2002 at 06:17:47PM -0500, Luc I. Suryo wrote:
> >
> > it is maybe me but the code:
> >
> > char emptydir[] = "/var/tmp/sshd.XXXXXXXXXX";
> >
> > is hard coded...and we want to use what is defined by
> >
> > _PATH_PRIVSEP_CHROOT_DIR
> >
> > yes?
>
> Why? The point is to make _PATH_PRIVSEP_CHROOT_DIR unnecessary.
there maybe ppl out there that want to make the path soemwhere else....
i personaly do like hardcoded thinks like that .... but that is just me.
>
> > and should not one make sure that there is no overflow in
> > emptydir??? malloc/free/strlen and that kinda of stuff
>
> I suggest you have a look at the manual page for mkdtemp().
Sure openssh test for mkdtemp an don soem system there is NO mkdtemp
like under Solaris ... i looked into openbsd-compat/mktemp.c
But again i still preffer to do over flow check before calling mkdtemp
as what is an OS does have mkdtemp but the implementation is broken ....
and one more thing ... :) chdir("/") shouldn't one first test if teh
location (current dir) is where we want to be .....
again my 25c....
--
Kind regards,
Luc Suryo
More information about the openssh-unix-dev
mailing list