Mercurial > hg > dhcpcd

--- a/Makefile.inc	Tue May 05 17:34:54 2020 +0100
+++ b/Makefile.inc	Tue May 05 17:55:10 2020 +0100
@@ -33,5 +33,6 @@
 SED_SCRIPT=		-e 's:@SCRIPT@:${SCRIPT}:g'
 SED_SYS=		-e 's:@SYSCONFDIR@:${SYSCONFDIR}:g'
 SED_DEFAULT_HOSTNAME=	-e 's:@DEFAULT_HOSTNAME@:${DEFAULT_HOSTNAME}:g'
-SED_CHROOT?=		-e 's:@CHDIR^@::g' -e 's:@CHDIR$$@::g' -e '/@CHDIR@/d'
+SED_CHROOT?=		-e 's:@CHDIR^@::g' -e 's:@CHDIR$$@::g' \
+	-e '/@CHDIR1@/d' -e '/@CHDIR2@/d'
 SED_PRIVSEP_USER=	-e 's:@PRIVSEP_USER@:${PRIVSEP_USER}:g'
--- a/configure	Tue May 05 17:34:54 2020 +0100
+++ b/configure	Tue May 05 17:55:10 2020 +0100
@@ -583,7 +583,11 @@
 	echo "PRIVSEP_USER?=	$PRIVSEP_USER" >>$CONFIG_MK
 	if [ -n "$PRIVSEP_CHROOT" ]; then
 		echo "PRIVSEP_CHROOT=	$PRIVSEP_CHROOT" >>$CONFIG_MK
-		echo "SED_CHROOT=	-e 's:@CHDIR^@.*@CHDIR\$\$@:default of:g' -e 's:@CHDIR@:.Pa \${PRIVSEP_CHROOT} .:g'" >>$CONFIG_MK
+		cat <<EOF >>$CONFIG_MK
+SED_CHROOT=	-e 's:@CHDIR^@.*@CHDIR\$\$@:default of:g' \\
+	-e 's:@CHDIR1@:.Pa \${PRIVSEP_CHROOT} .:g' \\
+	-e 's:@CHDIR2@:A blank string chroots to the privileged separation users home directory.:g'
+EOF
 	fi
 	echo "#ifndef PRIVSEP_USER" >>$CONFIG_H
 	echo "#define PRIVSEP_USER		 \"$PRIVSEP_USER\"" >>$CONFIG_H
--- a/src/dhcpcd.8.in	Tue May 05 17:34:54 2020 +0100
+++ b/src/dhcpcd.8.in	Tue May 05 17:55:10 2020 +0100
@@ -269,7 +269,8 @@
 .Ar chroot
 directory rather than the
 @CHDIR^@privilege separation users home directory.@CHDIR$@
-@CHDIR@
+@CHDIR1@
+@CHDIR2@
 The privilege separation user is @PRIVSEP_USER@.
 .It Fl D , Fl Fl duid
 Use a DHCP Unique Identifier.
--- a/src/dhcpcd.c	Tue May 05 17:34:54 2020 +0100
+++ b/src/dhcpcd.c	Tue May 05 17:55:10 2020 +0100
@@ -1896,7 +1896,15 @@
 			break;
 #ifdef PRIVSEP
 		case O_CHROOT:
-			ctx.ps_chroot = optarg;
+#ifdef PRIVSEP_CHROOT
+			if (*optarg == '\0' ||
+			    (((optarg[0] == '"' && optarg[1] == '"') ||
+			      (optarg[0] == '\'' && optarg[1] == '\'')) &&
+			     optarg[2] == '\0'))
+				ctx.ps_chroot = NULL;
+			else
+#endif
+				ctx.ps_chroot = optarg;
 			break;
 #endif
 		case '?':