Howdy folks,

The chroot patch in the contrib directory had gotten stale and didn't apply cleanly, so I've updated it... The attached patch works fine with 3.0p1.

Is there any reason this patch stays in the contrib directory rather than being applied to the source? I find it incredibly useful.

Thanks for your hard work on OpenSSH!

Bret

PS: Please cc me with any responses as I'm not subscribed to the dev list.
--
Bret Mogilefsky * Mgr. SCEA Developer Support * mogul at gelatinous.com
-------------- next part --------------
--- session.c Sun Sep 16 15:17:15 2001 +++ session.c.patched Sat Oct 6 11:23:19 2001 @@ -92,6 +92,8 @@ # include <uinfo.h> #endif +#define CHROOT + /* types */ #define TTYSZ 64 @@ -1028,6 +1030,11 @@ extern char **environ; struct stat st; char *argv[10]; +#ifdef CHROOT + char *user_dir; + char *new_root; +#endif /* CHROOT */ + int do_xauth; #ifdef WITH_IRIX_PROJECT prid_t projid; @@ -1102,6 +1109,28 @@ if (setlogin(pw->pw_name) < 0) error("setlogin failed: %s", strerror(errno)); + +#ifdef CHROOT + user_dir = xstrdup(pw->pw_dir); + new_root = user_dir + 1; + + while((new_root = strchr(new_root, '.')) != NULL) { + new_root--; + if(strncmp(new_root, "/./", 3) == 0) { + *new_root = '\0'; + new_root += 2; + + if(chroot(user_dir) != 0) + fatal("Couldn't chroot to user directory %s", user_dir); + + pw->pw_dir = new_root; + break; + } + new_root += 2; + } +#endif /* CHROOT */ + + if (setgid(pw->pw_gid) < 0) { perror("setgid"); exit(1);
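
Review bot: In the first hunk (@@ -92,6 +92,8 @@), #define CHROOT is unconditional, so every build of session.c gets the chroot path and the #ifdef CHROOT guards added further down never evaluate false. Leave the macro undefined in the source and let a build option define it, so that treating "/./" in a home directory as a chroot marker is opt-in for the sites that want it.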
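
Review bot: In the third hunk (@@ -1102,6 +1109,28 @@), nothing in the added lines changes the working directory after chroot(user_dir) succeeds, so the process can still be sitting in a directory outside the new root; add a chdir("/") directly after the chroot() call and treat its failure as fatal. Two smaller points in the same block: new_root = user_dir + 1 points past the terminator when pw->pw_dir is an empty string, so strchr() then reads outside the xstrdup() buffer (check for an empty pw_dir first), and the fatal() message omits strerror(errno), which the setlogin error just above it does report.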
Since it is not being maintained, I really want that patch no longer distributed in contrib/. Let someone maintain it externally from OpenSSH portable.

- Ben

On Sat, 17 Nov 2001, Bret Mogilefsky wrote:

> Howdy folks,
>
> The chroot patch in the contrib directory had gotten stale and didn't apply
> cleanly, so I've updated it... The attached patch works fine with 3.0p1.
>
> Is there any reason this patch stays in the contrib directory rather than
> being applied to the source? I find it incredibly useful.
>
> Thanks for your hard work on OpenSSH!
>
> Bret
>
> PS: Please cc me with any responses as I'm not subscribed to the dev list.
> --
> Bret Mogilefsky * Mgr. SCEA Developer Support * mogul at gelatinous.com
>
On Wednesday, November 21, 2001, at 09:53 AM, <mouring at etoh.eviladmin.org> wrote:

> Since it is not being maintained, I really want that patch no longer
> distributed in contrib/. Let someone maintain it externally from OpenSSH
> portable.

I see the same has already been done for the SecurID patch. I find it difficult to time the patch release with the OpenSSH releases.

I think it is a good idea to remove all such patches from contrib as it reduces confusion -- but they still exist. So, would it be possible to replace such patches with place holder README files that say how to get them?

README.chroot
README.securid
etc.

This way, a user can find out where to get it and who is responsible for that patch and then complain directly to him/her when it is out of date.

my 2 cents.

--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
Can I suggest a RESOURCES.readme file? With something like.

The following patches are maintained by 3rd parties and you can download them from their websites.

Chroot patch - http://.......
SecurID patch - http:/.....
..etc..

That way people who want SRP and other addons know where to get them.

It would still be in contrib/ location.

- Ben

On Wed, 21 Nov 2001, Theo Schlossnagle wrote:

>
> On Wednesday, November 21, 2001, at 09:53 AM,
> <mouring at etoh.eviladmin.org> wrote:
> > Since it is not being maintained, I really want that patch no longer
> > distributed in contrib/. Let someone maintain it externally from OpenSSH
> > portable.
>
> I see the same has already been done for the SecurID patch. I find it
> difficult to time the patch release with the OpenSSH releases.
>
> I think it is a good idea to remove all such patches from contrib as it
> reduces confusion -- but they still exist. So, would it be possible to
> replace such patches with place holder README files that say how to get
> them?
>
> README.chroot
> README.securid
> etc.
>
> This way, a user can find out where to get it and who is responsible for
> that patch and then complain directly to him/her when it is out of date.
>
> my 2 cents.
>
> --
> Theo Schlossnagle
> 1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
> 2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7
>
>
On Wednesday, November 21, 2001, at 11:41 AM, <mouring at etoh.eviladmin.org> wrote:

> Can I suggest a RESOURCES.readme file? With something like.
>
> The following patches are maintained by 3rd parties and you can download
> them from their websites.
>
> Chroot patch - http://.......
> SecurID patch - http:/.....
> ..etc..
>
> That way people who want SRP and other addons know where to get them.
>
> It would still be in contrib/ location.

I am fine with that idea. I do find the RESOURCES.readme to be a tad vague. When I step into the contrib directory looking for something like chroot or securid, a file called RESOURCES would stand out to me.

You already have a README file in that directory, can we just add SecurID and move chroot to the bottom under "Externally maintained" and give URLs. It seems like this is more intuitive for the user and reuses an existing facility.

--
Theo Schlossnagle
1024D/82844984/95FD 30F1 489E 4613 F22E 491A 7E88 364C 8284 4984
2047R/33131B65/71 F7 95 64 49 76 5D BA 3D 90 B9 9F BE 27 24 E7