search for: _path_privsep_chroot_dir

...-r1.1.1.1 pathnames.h --- pathnames.h 24 Jun 2002 22:46:13 -0000 1.1.1.1 +++ pathnames.h 26 Jun 2002 17:58:59 -0000 @@ -145,11 +145,6 @@ #define _PATH_SFTP_SERVER "/usr/libexec/sftp-server" #endif -/* chroot directory for unprivileged user when UsePrivilegeSeparation=yes */ -#ifndef _PATH_PRIVSEP_CHROOT_DIR -#define _PATH_PRIVSEP_CHROOT_DIR "/var/empty" -#endif - #ifndef _PATH_LS #define _PATH_LS "ls" #endif Index: sshd.c =================================================================== RCS file: /home/ncvs/src/crypto/openssh-portable/sshd.c,v retrieving revision 1.1.1.1 dif...

OpenSSH 3.4 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. We would like to thank the OpenSSH community for their continued support and encouragement. Changes since OpenSSH 3.3: ============================

I need this for BSD/OS 4.2 + privsep perhaps we should not call do_setusercontext() after chroot(). --- sshd.c.orig Fri Jun 21 03:09:47 2002 +++ sshd.c Tue Jun 25 13:11:03 2002 @@ -548,21 +548,35 @@ /* Change our root directory*/ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, strerror(errno)); if (chdir("/") == -1) fatal("chdir(\"/\"): %s", strerror(errno)); /* Drop our privileges */ debug3("privsep user:group %u:%u", (u_int)pw-&...

OpenSSH 7.5 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. OpenSSH also includes transitional support for the legacy SSH 1.3 and 1.5 protocols that may be enabled at compile-time. Once again, we would like to thank the OpenSSH community

...> > } else { > > @@ -1767,7 +1768,7 @@ main(int ac, char **av) > > key_type(key)); > > } > > > > - if (use_privsep) { > > + if (use_privsep && (getuid() == 0 || geteuid() == 0)) { > > struct stat st; > > > > if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) || > > === cut before === > > > > Best regards, > > > > -- Lionel > > ----- End forwarded message ----- > > > > Is there a chance this could be reenabled again? > > > > > > Thanks, > > Corinna __________...

...E_PRIVSEP */ static char * list_hostkey_types(void) @@ -1034,6 +1038,7 @@ } } +#ifndef DISABLE_PRIVSEP if (use_privsep) { struct passwd *pw; struct stat st; @@ -1056,6 +1061,7 @@ fatal("%s must be owned by root and not group or " "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); } +#endif /* DISABLE_PRIVSEP */ /* Configuration looks good, so exit if in test mode. */ if (test_flag) @@ -1468,9 +1474,11 @@ /* prepare buffers to collect authentication messages */ buffer_init(&loginmsg); +#ifndef DISABLE_PRIVSEP if (use_privsep) if ((authctxt = p...