- stevesk@cvs.openbsd.org 2002/06/22 16:40:19
[sshd.c]
check /var/empty owner mode; ok provos@
diff --git a/ChangeLog b/ChangeLog
index ec7a5e0..e89683a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@
- stevesk@cvs.openbsd.org 2002/06/22 16:32:54
[sshd.8]
add /var/empty in FILES section
+ - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
+ [sshd.c]
+ check /var/empty owner mode; ok provos@
20020622
- (djm) Update README.privsep; spotted by fries@
@@ -1024,4 +1027,4 @@
- (stevesk) entropy.c: typo in debug message
- (djm) ssh-keygen -i needs seeded RNG; report from markus@
-$Id: ChangeLog,v 1.2248 2002/06/23 00:32:57 mouring Exp $
+$Id: ChangeLog,v 1.2249 2002/06/23 00:33:47 mouring Exp $
diff --git a/sshd.c b/sshd.c
index feea3ce..d60b13d 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
*/
#include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.247 2002/06/22 16:40:19 stevesk Exp $");
#include <openssl/dh.h>
#include <openssl/bn.h>
@@ -1012,6 +1012,9 @@
(S_ISDIR(st.st_mode) == 0))
fatal("Missing privilege separation directory: %s",
_PATH_PRIVSEP_CHROOT_DIR);
+ if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+ fatal("Bad owner or mode for %s",
+ _PATH_PRIVSEP_CHROOT_DIR);
}
/* Configuration looks good, so exit if in test mode. */
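Review bot: The new test at `if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)` vouches only for the final directory named by `_PATH_PRIVSEP_CHROOT_DIR`. A parent component that is writable by a non-root user would still allow the directory to be renamed and replaced after this check passes. Nothing here confirms the directory is empty either. I would at least record that scope next to the check, e.g. `/* Only the chroot directory itself is verified; parent components must also be root-owned and not group/world-writable. */`, and make the message state the requirement rather than just "Bad owner or mode", e.g. `fatal("%s must be owned by root and not group or world-writable.", _PATH_PRIVSEP_CHROOT_DIR);`. The enclosing `if` and the call that fills `st` start outside this hunk, so whether symlinks are followed when `st` is obtained cannot be judged from here.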