rpms / openssh

Clone
Source Code
GIT

Blame openssh-5.2p1-homechroot.patch

86_addmissingnb f10 f11 f12 f13 f14 f15 f16 f17 f18 f19 f20 f21 f22 f23 f24 f25 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 f7 f8 f9 fix_f38_terrapin fix_f39_terrapin gsskexfix main master-future openssh85286 openssh96_rebase_combined openssh_96rebase openssh_rebase_90to93 openssh_rebase_90to93_cont openssh_rebase_90to93_fin private-controlpersist-4_3p2-9-branch private-master-vanilla private-openssh-4_5p1-6-controlpersist-branch rawhide sshkeysign_fix
  1.   5503a047df6c9ff898ff3f60d76b67bb6b77ea99
  2.   openssh-5.2p1-homechroot.patch
Blob History Raw
5503a04 
diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
5503a04 
--- openssh-5.2p1/session.c.homechroot	2009-06-23 11:33:36.052163641 +0200
5503a04 
+++ openssh-5.2p1/session.c	2009-06-23 11:33:36.372159228 +0200
5503a04 
@@ -1398,6 +1398,8 @@ do_nologin(struct passwd *pw)
5503a04 
 	}
5503a04 
 }
5503a04
5503a04 
+int	chroot_no_tree = 0;
5503a04 
+
5503a04 
 /*
5503a04 
  * Chroot into a directory after checking it for safety: all path components
5503a04 
  * must be root-owned directories with strict permissions.
5503a04 
@@ -1408,6 +1410,7 @@ safely_chroot(const char *path, uid_t ui
061e214 
 	const char *cp;
061e214 
 	char component[MAXPATHLEN];
061e214 
 	struct stat st;
061e214 
+	int last;
061e214
061e214 
 	if (*path != '/')
061e214 
 		fatal("chroot path does not begin at root");
5503a04 
@@ -1419,7 +1422,7 @@ safely_chroot(const char *path, uid_t ui
061e214 
 	 * root-owned directory with strict permissions.
061e214 
 	 */
061e214 
 	for (cp = path; cp != NULL;) {
061e214 
-		if ((cp = strchr(cp, '/')) == NULL)
061e214 
+		if (((last = ((cp = strchr(cp, '/')) == NULL))))
061e214 
 			strlcpy(component, path, sizeof(component));
061e214 
 		else {
061e214 
 			cp++;
5503a04 
@@ -1432,13 +1435,15 @@ safely_chroot(const char *path, uid_t ui
061e214 
 		if (stat(component, &st) != 0)
061e214 
 			fatal("%s: stat(\"%s\"): %s", __func__,
061e214 
 			    component, strerror(errno));
061e214 
-		if (st.st_uid != 0 || (st.st_mode & 022) != 0)
061e214 
+		if ((st.st_uid != 0 || (st.st_mode & 022) != 0) && !(last && st.st_uid == uid))
061e214 
 			fatal("bad ownership or modes for chroot "
061e214 
 			    "directory %s\"%s\"",
061e214 
 			    cp == NULL ? "" : "component ", component);
5503a04 
 		if (!S_ISDIR(st.st_mode))
5503a04 
 			fatal("chroot path %s\"%s\" is not a directory",
5503a04 
 			    cp == NULL ? "" : "component ", component);
5503a04 
+		if (st.st_uid != uid)
5503a04 
+			++chroot_no_tree;
5503a04
5503a04 
 	}
5503a04
5503a04 
diff -up openssh-5.2p1/sftp-server.c.homechroot openssh-5.2p1/sftp-server.c
5503a04 
--- openssh-5.2p1/sftp-server.c.homechroot	2008-07-04 06:10:19.000000000 +0200
5503a04 
+++ openssh-5.2p1/sftp-server.c	2009-06-23 11:33:36.374154561 +0200
5503a04 
@@ -887,6 +887,7 @@ process_opendir(void)
5503a04 
 static void
5503a04 
 process_readdir(void)
5503a04 
 {
5503a04 
+	extern int chroot_no_tree;
5503a04 
 	DIR *dirp;
5503a04 
 	struct dirent *dp;
5503a04 
 	char *path;
5503a04 
@@ -920,7 +921,7 @@ process_readdir(void)
5503a04 
 				continue;
5503a04 
 			stat_to_attrib(&st, &(stats[count].attrib));
5503a04 
 			stats[count].name = xstrdup(dp->d_name);
5503a04 
-			stats[count].long_name = ls_file(dp->d_name, &st, 0);
5503a04 
+			stats[count].long_name = ls_file(dp->d_name, &st, chroot_no_tree);
5503a04 
 			count++;
5503a04 
 			/* send up to 100 entries in one message */
5503a04 
 			/* XXX check packet size instead */
5503a04 
diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-main.c
5503a04 
--- openssh-5.2p1/sftp-server-main.c.homechroot	2009-02-21 22:47:02.000000000 +0100
5503a04 
+++ openssh-5.2p1/sftp-server-main.c	2009-06-23 11:33:36.378159051 +0200
5503a04 
@@ -27,6 +27,8 @@
5503a04 
 #include "sftp.h"
5503a04 
 #include "misc.h"
5503a04
5503a04 
+int chroot_no_tree = 0;
5503a04 
+
5503a04 
 void
5503a04 
 cleanup_exit(int i)
5503a04 
 {
Powered by Pagure 5.14.1
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.