Attachment #3110 for bug #2777

View | Details | Raw Unified | Return to bug 2777
Collapse All | Expand All




		if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
			fatal("Privilege separation user %s does not exist",
			    SSH_PRIVSEP_USER);
		pw = pwcopy(pw); /* Ensure mutable */
		endpwent();
		freezero(pw->pw_passwd, strlen(pw->pw_passwd));

		/* Change our root directory */
		if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)

		if (getpwnam(SSH_PRIVSEP_USER) == NULL)
			fatal("Privilege separation user %s does not exist",
			    SSH_PRIVSEP_USER);
		endpwent();
		if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
		    (S_ISDIR(st.st_mode) == 0))
			fatal("Missing privilege separation directory: %s",

Return to bug 2777

Lines 502-509 privsep_preauth_child(void) Link Here

(-)a/sshd.c (-1 / +3 lines)
502	if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)	502	if ((pw = getpwnam(SSH_PRIVSEP_USER)) == NULL)
503	fatal("Privilege separation user %s does not exist",	503	fatal("Privilege separation user %s does not exist",
504	SSH_PRIVSEP_USER);	504	SSH_PRIVSEP_USER);
505	explicit_bzero(pw->pw_passwd, strlen(pw->pw_passwd));	505	pw = pwcopy(pw); /* Ensure mutable */
506	endpwent();	506	endpwent();
		507	freezero(pw->pw_passwd, strlen(pw->pw_passwd));
507		508
508	/* Change our root directory */	509	/* Change our root directory */
509	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)	510	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
Lines 1674-1679 main(int ac, char **av) Link Here
1674	if (getpwnam(SSH_PRIVSEP_USER) == NULL)	1675	if (getpwnam(SSH_PRIVSEP_USER) == NULL)
1675	fatal("Privilege separation user %s does not exist",	1676	fatal("Privilege separation user %s does not exist",
1676	SSH_PRIVSEP_USER);	1677	SSH_PRIVSEP_USER);
		1678	endpwent();
1677	if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) \|\|	1679	if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) \|\|
1678	(S_ISDIR(st.st_mode) == 0))	1680	(S_ISDIR(st.st_mode) == 0))
1679	fatal("Missing privilege separation directory: %s",	1681	fatal("Missing privilege separation directory: %s",