From 459693c70c83b7d173ec10bb8089d4ce4e59d301 Mon Sep 17 00:00:00 2001
From: TJ Saunders <tj@castaglia.org>
Date: Tue, 2 May 2017 19:56:39 -0700
Subject: [PATCH] Bug#4306: AllowChrootSymlinks off could cause login failures
depending on filesystem permissions.
Use the IDs of the logging-in user to perform the directory walk, looking
for symlinks, to be more consistent with similar checks done during login.
---
modules/mod_auth.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/modules/mod_auth.c b/modules/mod_auth.c
index d93c630..2b76070 100644
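--- a/modules/mod_auth.c
+++ b/modules/mod_auth.c
@@ -936,9 +936,13 @@ static int get_default_root(pool *p, int allow_symlinks, const char **root) {
 path[pathlen-1] = '\0';
 }
 
+ PRIVS_USER
 res = is_symlink_path(p, path, pathlen);
+ xerrno = errno;
+ PRIVS_RELINQUISH
+
 if (res < 0) {
- if (errno == EPERM) {
+ if (xerrno == EPERM) {
 pr_log_pri(PR_LOG_WARNING, "error: DefaultRoot %s is a symlink "
 "(denied by AllowChrootSymlinks config)", path);
 }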
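Review bot: The `if (res < 0)` branch logs only when `xerrno == EPERM`, so any other failure of `is_symlink_path()` leaves no log line in the visible part of the branch. Now that the walk runs under `PRIVS_USER`, a failure such as EACCES on a parent directory the user cannot search is plausible. If the code past the hunk does not already cover it, add an else arm along the lines of `pr_log_pri(PR_LOG_WARNING, "error: unable to check DefaultRoot %s: %s", path, strerror(xerrno));` so an operator can tell a denied symlink from a failed walk. A short comment above `PRIVS_USER` would also help, for example `/* Walk the path with the logging-in user's IDs, as the other login-time checks do; save errno before PRIVS_RELINQUISH can change it. */`, so a later cleanup does not drop the privilege switch or go back to reading `errno` directly. The `if (res < 0)` block and the rest of `get_default_root` continue outside the hunk, so what is returned on failure cannot be confirmed from here.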