On Tue, Apr 16, 2013 at 12:25:54PM +0800, f5b wrote:
> the user share can not sftp to the server,
> but same config in Mar 1 snapshot, sftp is ok.
it's caused by this change (feed it to patch -R to revert it), and it's
because the uid has already been set at this point. I haven't figured
out the right way to fix it, though. For now, I think we should revert
this. djm?
Index: session.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.261
retrieving revision 1.262
diff -u -p -r1.261 -r1.262
--- session.c 2 Dec 2012 20:46:11 -0000 1.261
+++ session.c 6 Mar 2013 23:35:23 -0000 1.262
@@ -1,4 +1,4 @@
-/* $OpenBSD: session.c,v 1.261 2012/12/02 20:46:11 djm Exp $ */
+/* $OpenBSD: session.c,v 1.262 2013/03/06 23:35:23 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen <y...@cs.hut.fi>, Espoo, Finland
* All rights reserved
@@ -1216,7 +1216,10 @@ do_setusercontext(struct passwd *pw)
perror("unable to set user context (setuser)");
exit(1);
}
- }
+ } else if (options.chroot_directory != NULL &&
+ strcasecmp(options.chroot_directory, "none") != 0)
+ fatal("server lacks privileges to chroot to ChrootDirectory");
+
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
}
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
