- stevesk@cvs.openbsd.org 2002/06/22 16:40:19

     [sshd.c]
     check /var/empty owner mode; ok provos@

diff --git a/ChangeLog b/ChangeLog
index 1debba342e4db2a288338281ac313a6f6933ed21..ac069a49df547008739034a626ff977d051f554f 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -15,6 +15,9 @@
    - stevesk@cvs.openbsd.org 2002/06/22 16:32:54
      [sshd.8]
      add /var/empty in FILES section
+   - stevesk@cvs.openbsd.org 2002/06/22 16:40:19
+     [sshd.c]
+     check /var/empty owner mode; ok provos@
 
 20020622
  - (djm) Update README.privsep; spotted by fries@

diff --git a/sshd.c b/sshd.c
index feea3ce2c5ca3aedafa5385e2fa201f6390240a0..d60b13d66a43e0e8f0fe66a96b8d4631a245654b 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -42,7 +42,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: sshd.c,v 1.246 2002/06/20 23:05:56 markus Exp $");
+RCSID("$OpenBSD: sshd.c,v 1.247 2002/06/22 16:40:19 stevesk Exp $");
 
 #include <openssl/dh.h>
 #include <openssl/bn.h>
@@ -1012,6 +1012,9 @@ main(int ac, char **av)
                    (S_ISDIR(st.st_mode) == 0))
                        fatal("Missing privilege separation directory: %s",
                            _PATH_PRIVSEP_CHROOT_DIR);
+               if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+                       fatal("Bad owner or mode for %s",
+                           _PATH_PRIVSEP_CHROOT_DIR);
        }
 
        /* Configuration looks good, so exit if in test mode. */