|
|
- From 76505eff3c813ccdc4bece27e96f26cf04a1ffca Mon Sep 17 00:00:00 2001
- From: Brent Cook <busterb@gmail.com>
- Date: Thu, 1 Jan 2015 13:06:38 -0600
- Subject: [PATCH 01/11] be more verbose when logging privsep errors
-
- Make it easy for a sysadmin to diagnose a privilege separation path
- problem without looking at the source code.
- ---
- src/usr.sbin/ntpd/ntp.c | 11 +++++++----
- 1 file changed, 7 insertions(+), 4 deletions(-)
-
- diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
- index 8c46bfc..1553cc0 100644
- --- a/src/usr.sbin/ntpd/ntp.c
- +++ b/src/usr.sbin/ntpd/ntp.c
- @@ -121,10 +121,13 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf,
- ntp_dns(pipe_dns, nconf, pw);
- close(pipe_dns[1]);
-
- - if (stat(pw->pw_dir, &stb) == -1)
- - fatal("stat");
- - if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0)
- - fatalx("bad privsep dir permissions");
- + if (stat(pw->pw_dir, &stb) == -1) {
- + fatal("privsep dir %s could not be opened", pw->pw_dir);
- + }
- + if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
- + fatalx("bad privsep dir %s permissions: %o",
- + pw->pw_dir, stb.st_mode);
- + }
- if (chroot(pw->pw_dir) == -1)
- fatal("chroot");
- if (chdir("/") == -1)
- --
- 1.9.1
-
|