repair broken ls in chroot %%h

2009-06-23 18:21:38 +00:00 · 2009-06-23 18:21:38 +00:00 · 5503a047df
parent 145212be4d
commit 5503a047df
2 changed files with 59 additions and 6 deletions
--- a/openssh-5.2p1-homechroot.patch
+++ b/openssh-5.2p1-homechroot.patch
@ -1,6 +1,16 @@
--- openssh-5.2p1/session.c	2009-03-20 18:08:11.263662384 +0100
-+++ openssh-5.2p1/session.c	2009-03-20 18:26:29.925498409 +0100
-@@ -1408,6 +1408,7 @@
+diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
+--- openssh-5.2p1/session.c.homechroot	2009-06-23 11:33:36.052163641 +0200
+++ openssh-5.2p1/session.c	2009-06-23 11:33:36.372159228 +0200
+@@ -1398,6 +1398,8 @@ do_nologin(struct passwd *pw)
+ 	}
+ }
+ 
+int	chroot_no_tree = 0;
+
+ /*
+  * Chroot into a directory after checking it for safety: all path components
+  * must be root-owned directories with strict permissions.
+@@ -1408,6 +1410,7 @@ safely_chroot(const char *path, uid_t ui
 	const char *cp;
 	char component[MAXPATHLEN];
 	struct stat st;
@ -8,7 +18,7 @@
 
 	if (*path != '/')
 		fatal("chroot path does not begin at root");
-@@ -1419,7 +1420,7 @@
+@@ -1419,7 +1422,7 @@ safely_chroot(const char *path, uid_t ui
 	 * root-owned directory with strict permissions.
 	 */
 	for (cp = path; cp != NULL;) {
@ -17,7 +27,7 @@
 			strlcpy(component, path, sizeof(component));
 		else {
 			cp++;
-@@ -1432,7 +1433,7 @@
+@@ -1432,13 +1435,15 @@ safely_chroot(const char *path, uid_t ui
 		if (stat(component, &st) != 0)
 			fatal("%s: stat(\"%s\"): %s", __func__,
 			    component, strerror(errno));
@ -26,3 +36,43 @@
 			fatal("bad ownership or modes for chroot "
 			    "directory %s\"%s\"", 
 			    cp == NULL ? "" : "component ", component);
+ 		if (!S_ISDIR(st.st_mode))
+ 			fatal("chroot path %s\"%s\" is not a directory",
+ 			    cp == NULL ? "" : "component ", component);
+		if (st.st_uid != uid)
+			++chroot_no_tree;
+ 
+ 	}
+ 
+diff -up openssh-5.2p1/sftp-server.c.homechroot openssh-5.2p1/sftp-server.c
+--- openssh-5.2p1/sftp-server.c.homechroot	2008-07-04 06:10:19.000000000 +0200
+++ openssh-5.2p1/sftp-server.c	2009-06-23 11:33:36.374154561 +0200
+@@ -887,6 +887,7 @@ process_opendir(void)
+ static void
+ process_readdir(void)
+ {
+	extern int chroot_no_tree;
+ 	DIR *dirp;
+ 	struct dirent *dp;
+ 	char *path;
+@@ -920,7 +921,7 @@ process_readdir(void)
+ 				continue;
+ 			stat_to_attrib(&st, &(stats[count].attrib));
+ 			stats[count].name = xstrdup(dp->d_name);
+-			stats[count].long_name = ls_file(dp->d_name, &st, 0);
+			stats[count].long_name = ls_file(dp->d_name, &st, chroot_no_tree);
+ 			count++;
+ 			/* send up to 100 entries in one message */
+ 			/* XXX check packet size instead */
+diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-main.c
+--- openssh-5.2p1/sftp-server-main.c.homechroot	2009-02-21 22:47:02.000000000 +0100
+++ openssh-5.2p1/sftp-server-main.c	2009-06-23 11:33:36.378159051 +0200
+@@ -27,6 +27,8 @@
+ #include "sftp.h"
+ #include "misc.h"
+ 
+int chroot_no_tree = 0;
+
+ void
+ cleanup_exit(int i)
+ {
--- a/openssh.spec
+++ b/openssh.spec
@ -63,7 +63,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.2p1
-Release: 3%{?dist}%{?rescue_rel}
+Release: 4%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@ -474,6 +474,9 @@ fi
 %endif

 %changelog
+* Tue Jun 23 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-4
+- repair broken ls in chroot %%h
+
 * Fri Apr  3 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-3
 - fix logging after chroot
 - enable non root users to use chroot %%h in internal-sftp