From 262fb1973fe86c444217efa5aa66bba53732ca60 Mon Sep 17 00:00:00 2001
From: dtucker <>
Date: Mon, 13 Dec 2004 12:39:15 +0000
Subject: [PATCH] Sanity check owner and permissions of privsep directory, like
 sshd does; ok henning@

---
 src/usr.sbin/ntpd/ntp.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
index 0646e850..f7056b28 100644
--- a/src/usr.sbin/ntpd/ntp.c
+++ b/src/usr.sbin/ntpd/ntp.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ntp.c,v 1.43 2004/12/13 12:36:02 dtucker Exp $ */
+/*	$OpenBSD: ntp.c,v 1.44 2004/12/13 12:39:15 dtucker Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -19,6 +19,7 @@
 
 #include <sys/param.h>
 #include <sys/time.h>
+#include <sys/stat.h>
 #include <errno.h>
 #include <fcntl.h>
 #include <paths.h>
@@ -72,6 +73,7 @@ ntp_main(int pipe_prnt[2], struct ntpd_conf *nconf)
 	struct ntp_peer		*p;
 	struct ntp_peer		**idx2peer = NULL;
 	struct timespec		 tp;
+	struct stat		 stb;
 	time_t			 nextaction;
 	void			*newp;
 
@@ -93,6 +95,10 @@ ntp_main(int pipe_prnt[2], struct ntpd_conf *nconf)
 	if ((nullfd = open(_PATH_DEVNULL, O_RDWR, 0)) == -1)
 		fatal(NULL);
 
+	if (stat(pw->pw_dir, &stb) == -1)
+		fatal("stat");
+	if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0)
+		fatal("bad privsep dir permissions");
 	if (chroot(pw->pw_dir) == -1)
 		fatal("chroot");
 	if (chdir("/") == -1)