From 0b2940a2ba2e04fe876b7e8828d05e2d6b750797 Mon Sep 17 00:00:00 2001
From: Brent Cook
Date: Thu, 1 Jan 2015 13:06:38 -0600
Subject: [PATCH 06/16] be more verbose when logging privsep errors

Make it easy for a sysadmin to diagnose a privilege separation path problem without looking at the source code.
---
 src/usr.sbin/ntpd/ntp.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
index ddbcedd..26701c8 100644
--- a/src/usr.sbin/ntpd/ntp.c
+++ b/src/usr.sbin/ntpd/ntp.c
@@ -121,10 +121,15 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf,
 ntp_dns(pipe_dns, nconf, pw);
 close(pipe_dns[1]);
 
- if (stat(pw->pw_dir, &stb) == -1)
- fatal("stat");
- if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0)
- fatalx("bad privsep dir permissions");
+ if (stat(pw->pw_dir, &stb) == -1) {
+ log_warn("privsep dir %s could not be opened", pw->pw_dir);
+ exit(1);
+ }
+ if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
+ log_warnx("bad privsep dir %s permissions: %o",
+ pw->pw_dir, stb.st_mode);
+ exit(1);
+ }
 if (chroot(pw->pw_dir) == -1)
 fatal("chroot");
 if (chdir("/") == -1)
-- 
1.9.1
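Review bot: The new `log_warnx()` message prints only `stb.st_mode`, yet the check above it also fails when `stb.st_uid != 0`, so a privsep directory with the wrong owner and mode 755 is reported as a permissions problem with a mode that looks correct. Logging both fields would meet the commit's stated aim, and the casts avoid passing `uid_t`/`mode_t` straight to `%u`/`%o`: `log_warnx("bad privsep dir %s: owner uid %u, mode %o", pw->pw_dir, (unsigned int)stb.st_uid, (unsigned int)(stb.st_mode & 07777));`. Replacing `fatal()`/`fatalx()` with `log_warn()`/`log_warnx()` plus `exit(1)` presumably lowers the syslog severity of a failed chroot precondition; that is worth confirming against the logging code, since alerting may key on the priority. `ntp_main` starts and ends outside the hunk.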