Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / openssh / 2dfacb3d401c0b15140e23710eead071bd60f82e^! / .
commit2dfacb3d401c0b15140e23710eead071bd60f82e[log] [tgz]
authorBen Lindstrom <mouring@eviladmin.org>Sun Jun 23 00:33:47 2002 +0000
committerBen Lindstrom <mouring@eviladmin.org>Sun Jun 23 00:33:47 2002 +0000
treec3aa7e76d6f59e30217d5cf64aa410aa5c4a1acd
parent624e3f2065690308adfeb8eaa88b3ee943f9eaad [diff]
   - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
     [sshd.c]
     check /var/empty owner mode; ok provos@

diff --git a/ChangeLog b/ChangeLog
index ec7a5e0..e89683a 100644
--- a/ChangeLog
+++ b/ChangeLog

@@ -15,6 +15,9 @@
    - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
      [sshd.8]
      add /var/empty in FILES section
+   - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
+     [sshd.c]
+     check /var/empty owner mode; ok provos@
 
 20020622
  - (djm) Update README.privsep; spotted by fries@
@@ -1024,4 +1027,4 @@
  - (stevesk) entropy.c: typo in debug message
  - (djm) ssh-keygen -i needs seeded RNG; report from markus@
 
-$Id: ChangeLog,v 1.2248 2002/06/23 00:32:57 mouring Exp $
+$Id: ChangeLog,v 1.2249 2002/06/23 00:33:47 mouring Exp $

diff --git a/sshd.c b/sshd.c
index feea3ce..d60b13d 100644
--- a/sshd.c
+++ b/sshd.c

@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.247 2002/06/22 16:40:19 stevesk Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1012,6 +1012,9 @@
 		    (S_ISDIR(st.st_mode) == 0))
 			fatal("Missing privilege separation directory: %s",
 			    _PATH_PRIVSEP_CHROOT_DIR);
+		if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+			fatal("Bad owner or mode for %s",
+			    _PATH_PRIVSEP_CHROOT_DIR);
 	}
 
 	/* Configuration looks good, so exit if in test mode. */