1 From: Ricardo Cerqueira <rmcc@clix.pt>
3 A patch to cause sshd to chroot when it encounters the magic token
4 '/./' in a user's home directory. The directory portion before the
5 token is the directory to chroot() to, the portion after the
6 token is the user's home directory relative to the new root.
9 ===================================================================
10 RCS file: /var/cvs/openssh/session.c,v
11 retrieving revision 1.4
12 diff -u -r1.4 session.c
13 --- session.c 2000/04/16 02:31:51 1.4
14 +++ session.c 2000/04/16 02:47:55
25 extern char **environ;
33 #ifndef USE_PAM /* pam_nologin handles this */
34 f = fopen("/etc/nologin", "r");
36 /* Set login name in the kernel. */
37 if (setlogin(pw->pw_name) < 0)
38 error("setlogin failed: %s", strerror(errno));
41 + user_dir = xstrdup(pw->pw_dir);
42 + new_root = user_dir + 1;
44 + while((new_root = strchr(new_root, '.')) != NULL) {
46 + if(strncmp(new_root, "/./", 3) == 0) {
50 + if(chroot(user_dir) != 0)
51 + fatal("Couldn't chroot to user directory %s", user_dir);
53 + pw->pw_dir = new_root;
60 /* Set uid, gid, and groups. */
61 /* Login(1) does this as well, and it needs uid 0 for the "-h"
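Review bot: The `chroot(user_dir)` call in the added block is not followed, in the lines visible here, by a `chdir("/")`, so the working directory may still refer to a location outside the new root; several hunk lines are missing from this view, so confirm that, and if it is absent add `if (chdir("/") != 0) fatal("chdir to new root failed: %s", strerror(errno));` directly after the chroot. The `fatal()` message also drops the failure reason, unlike the `setlogin` error just above it; `fatal("Couldn't chroot to user directory %s: %s", user_dir, strerror(errno));` would keep the two consistent. `new_root = user_dir + 1` assumes `pw->pw_dir` is a non-empty string, and the chroot target is taken straight from the passwd entry, so a comment on the block should state that the directory before `/./` must be root-owned and not writable by the user. The enclosing function starts and ends outside the visible lines.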