diff options
| author | Roy Marples <roy@marples.name> | 2020-03-30 17:12:26 +0100 |
|---|---|---|
| committer | Roy Marples <roy@marples.name> | 2020-03-30 17:12:26 +0100 |
| commit | 5ac1a5cd6fe054c5ece0de679d5294cfca797772 (patch) | |
| tree | 16e3ae3db153e83a80e44b1ef551f63b7b668758 | |
| parent | a5d176e3344ede375b693c0e925579ed5cf0c5f5 (diff) | |
| download | dhcpcd-5ac1a5cd6fe054c5ece0de679d5294cfca797772.tar.xz | |
privsep: Refuse chroot if privsep users home dir is /var/empty
As we should not be filling it.
This means we don't mess up a stock install where the pkg admin
hasn't setup privsep correctly.
| -rw-r--r-- | src/privsep.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/privsep.c b/src/privsep.c index 99a507e7..be4dc34e 100644 --- a/src/privsep.c +++ b/src/privsep.c @@ -113,6 +113,13 @@ ps_init(struct dhcpcd_ctx *ctx) return -1; } + /* If we pickup the _dhcp user refuse the default directory */ + if (strcmp(pw->pw_dir, "/var/empty") == 0) { + logerrx("refusing chroot: %s: %s", PRIVSEP_USER, pw->pw_dir); + errno = 0; + return -1; + } + /* Create the database directory. */ if (snprintf(path, sizeof(path), "%s%s", pw->pw_dir, DBDIR) == -1 || ps_mkdir(path) == -1 || |