- openssh-lpk-4.3p1-0.3.7.patch replaced by openssh-lpk.patch
[packages/openssh.git] / openssh-chroot.patch
index 702c7fb68a35ab219d747779b1d23a8ed05ac99c..92af31d037f6ef9b9a17ea55ec2f53e3a6ad20ee 100644 (file)
        int     use_dns;
        int     client_alive_interval;  /*
                                         * poke the client this often to
---- openssh-4.0p1/session.c.orig       2005-03-06 12:38:52.000000000 +0100
-+++ openssh-4.0p1/session.c    2005-03-10 15:14:04.000000000 +0100
-@@ -1258,6 +1258,10 @@
- void
+--- ./session.c.org    2008-05-05 16:22:11.935003283 +0200
++++ ./session.c        2008-05-05 16:32:50.025507650 +0200
+@@ -1345,6 +1345,10 @@ void
  do_setusercontext(struct passwd *pw)
  {
+       char *chroot_path, *tmp;
 +#ifdef CHROOT
 +      char *user_dir;
 +      char *new_root;
 +#endif /* CHROOT */
- #ifndef HAVE_CYGWIN
-       if (getuid() == 0 || geteuid() == 0)
#endif /* HAVE_CYGWIN */
-@@ -1315,6 +1319,26 @@
-                       restore_uid();
-               }
- #endif
+ #ifdef WITH_SELINUX
      /* Cache selinux status for later use */
+@@ -1425,8 +1429,28 @@ do_setusercontext(struct passwd *pw)
+                       safely_chroot(chroot_path, pw->pw_uid);
+                       free(tmp);
+                       free(chroot_path);
 +#ifdef CHROOT
-+              if (options.use_chroot) {
++              } else if (options.use_chroot) {
 +                      user_dir = xstrdup(pw->pw_dir);
 +                      new_root = user_dir + 1;
 +
 +
 +                                      if(chroot(user_dir) != 0)
 +                                              fatal("Couldn't chroot to user directory %s", user_dir);
-+                                              pw->pw_dir = new_root;
-+                                              break;
-+                                      }
-+                                      new_root += 2;
++                                      pw->pw_dir = new_root;
++                                      break;
++                              }
++                              new_root += 2;
 +                      }
-+              }
 +#endif /* CHROOT */
- # ifdef USE_PAM
-               /*
-                * PAM credentials may take the form of supplementary groups.
+               }
++
+ #ifdef HAVE_LOGIN_CAP
+               if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
+                       perror("unable to set user context (setuser)");
 --- openssh-3.7.1p2/sshd_config        2003-09-02 14:51:18.000000000 +0200
 +++ openssh-3.7.1p2.pius/sshd_config   2003-10-07 20:49:08.000000000 +0200
-@@ -71,6 +71,10 @@
- # bypass the setting of 'PasswordAuthentication'
#UsePAM yes
+@@ -91,6 +91,10 @@
+ # and ChallengeResponseAuthentication to 'no'.
+ UsePAM yes
  
 +# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature. 
++# You must create such environment before you can use this feature.
 +#UseChroot yes
 +
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
+ #AllowAgentForwarding yes
+ # Security advisory:
+ # http://securitytracker.com/alerts/2004/Sep/1011143.html
 --- openssh-4.4p1/sshd_config.0.orig   2006-09-26 13:03:48.000000000 +0200
 +++ openssh-4.4p1/sshd_config.0        2006-10-05 10:11:41.615971000 +0200
 @@ -451,6 +451,16 @@
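Review bot: In the session.c part of the patch, the `UseChroot` branch calls `chroot(user_dir)` on a path derived from `pw->pw_dir` with no visible ownership or permission check, while the upstream `ChrootDirectory` branch directly above it goes through `safely_chroot(chroot_path, pw->pw_uid)`. A chroot target the user can write to is the case that helper exists to reject, so the legacy branch should apply the same check, for example `safely_chroot(user_dir, pw->pw_uid);` in place of the bare `chroot()`/`fatal()` pair. No `chdir()` into the new root is visible next to the call either, but several lines of the loop are missing from this page, so confirm that against the full patch. If the bare call stays, the message should carry the cause: `fatal("Couldn't chroot to user directory %s: %s", user_dir, strerror(errno));`.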