diff -urN openssh-3.8.1p1-orig/Makefile.in openssh-3.8.1p1/Makefile.in
--- openssh-3.8.1p1-orig/Makefile.in 2004-02-17 22:35:11.000000000 -0500
+++ openssh-3.8.1p1/Makefile.in 2004-07-27 00:17:03.000000000 -0400
@@ -155,8 +155,8 @@
 ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
 $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
 
-sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o
- $(LD) -o $@ sftp-server.o sftp-common.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o uidswap.o
+ $(LD) -o $@ sftp-server.o sftp-common.o uidswap.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
 
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
 $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
diff -urN openssh-3.8.1p1-orig/sftp-server.c openssh-3.8.1p1/sftp-server.c
--- openssh-3.8.1p1-orig/sftp-server.c 2004-02-23 17:19:15.000000000 -0500
+++ openssh-3.8.1p1/sftp-server.c 2004-07-27 00:45:32.000000000 -0400
@@ -21,6 +21,7 @@
 #include "getput.h"
 #include "log.h"
 #include "xmalloc.h"
+#include "uidswap.h"
 
 #include "sftp.h"
 #include "sftp-common.h"
@@ -1013,12 +1014,37 @@
 buffer_consume(&iqueue, msg_len - consumed);
 }
 
+static void
+do_chroot(const char *chroot_directory)
+{
+
+ TRACE("chrooting to %s", chroot_directory);
+
+ if (chdir(chroot_directory))
+ fatal("chdir(%s) falied: %s", chroot_directory, strerror(errno));
+ if (chroot(chroot_directory))
+ fatal("chroot(%s) failed: %s", chroot_directory, strerror(errno));
+}
+
+static struct passwd *
+xgetpwuid(uid_t uid)
+{
+ struct passwd *pwent;
+
+ pwent = getpwuid(uid);
+ if (pwent == NULL)
+ fatal("getpwuid(%d) failed: %s", uid, strerror(errno));
+
+ return pwent;
+}
+
 int
 main(int ac, char **av)
 {
 fd_set *rset, *wset;
 int in, out, max;
 ssize_t len, olen, set_size;
+ struct passwd *pwent;
 
 /* XXX should use getopt */
 
@@ -1029,6 +1055,11 @@
 log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
 #endif
 
+ pwent = xgetpwuid(getuid());
+ if (ac >= 2)
+ do_chroot(av[1]);
+ permanently_set_uid(pwent);
+
 in = dup(STDIN_FILENO);
 out = dup(STDOUT_FILENO);
 
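Review bot: do_chroot() hands `chroot_directory` to chdir() and chroot() without checking who owns it, so a directory writable by an unprivileged user can become the new root of a process that is presumably still privileged at that point. The sketch below rejects a target that is not a root-owned directory or is group- or world-writable, and adds `chdir("/")` after the chroot(); a complete check would also cover every parent component, and a stat() by path leaves a window before chroot(). In xgetpwuid(), getpwuid() may return NULL without setting errno, so `errno = 0;` belongs before the call, and the uid is better printed as `fatal("getpwuid(%u) failed: %s", (unsigned int)uid, strerror(errno));`. The chdir() message also misspells "failed" as `falied`.

```c
static void
do_chroot(const char *chroot_directory)
{
	struct stat st;

	/* The new root must not be something the invoking user could set up. */
	if (stat(chroot_directory, &st) == -1)
		fatal("stat(%s) failed: %s", chroot_directory, strerror(errno));
	if (!S_ISDIR(st.st_mode) || st.st_uid != 0 ||
	    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
		fatal("bad ownership or modes for chroot directory %s",
		    chroot_directory);

	/* ... unchanged: TRACE, chdir(chroot_directory), chroot(chroot_directory) ... */

	/* Make the working directory explicit once the root has changed. */
	if (chdir("/"))
		fatal("chdir(/) failed: %s", strerror(errno));
}
```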
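Review bot: In main(), the chroot target is `av[1]`, so the new root is chosen by whoever executes the binary, and everything up to `permanently_set_uid(pwent)` runs with whatever privilege made chroot() possible — presumably root through a setuid install, which the diff does not show. Reading the directory from root-owned configuration rather than the command line would keep that choice with the administrator; extra arguments (`ac > 2`) are also ignored silently. permanently_set_uid() is defined outside this page, so confirm that it clears the supplementary group list as well as the uid and gid, and consider a comment such as `/* no privileged operation below this line */` after the call. main() starts in the previous hunk and continues past the end of this one.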