- markus@cvs.openbsd.org 2002/05/29 11:21:57
     [sshd.c]
     don't start if privsep is enabled and SSH_PRIVSEP_USER or
     _PATH_PRIVSEP_CHROOT_DIR are missing; ok deraadt@
diff --git a/sshd.c b/sshd.c
index 437e0f9..2f810b9 100644
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.243 2002/05/22 23:18:25 deraadt Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.244 2002/05/29 11:21:57 markus Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1001,6 +1001,19 @@
 		}
 	}
 
+	if (use_privsep) {
+		struct passwd *pw;
+		struct stat st;
+
+		if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
+			fatal("Privilege separation user %s does not exist",
+			    SSH_PRIVSEP_USER);
+		if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
+		    (S_ISDIR(st.st_mode) == 0))
+			fatal("Missing privilege separation directory: %s",
+			    _PATH_PRIVSEP_CHROOT_DIR);
+	}
+
 	/* Configuration looks good, so exit if in test mode. */
 	if (test_flag)
 		exit(0);
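Review bot: The new startup check around `stat(_PATH_PRIVSEP_CHROOT_DIR, &st)` confirms only that the path exists and is a directory; it never looks at ownership or mode. A chroot directory that is not root-owned, or that is group- or world-writable, would let other local accounts populate the unprivileged child's root, which undercuts the isolation privsep relies on. Consider adding after the `S_ISDIR` test: `if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0) fatal("%s must be owned by root and not group or world-writable", _PATH_PRIVSEP_CHROOT_DIR);`. The `stat()` failure path also reports "Missing" for every errno, so adding `strerror(errno)` to that message would separate a permissions problem from an absent directory. The enclosing function begins and ends outside this hunk.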