From c214bf6eca6de29239d00b4a9ce6528f82b25bec Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Thu, 1 Jan 2015 13:06:38 -0600 Subject: [PATCH 01/13] be more verbose when logging privsep errors Make it easy for a sysadmin to diagnose a privilege separation path problem without looking at the source code. --- src/usr.sbin/ntpd/ntp.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c index 87b769b..625364a 100644 --- a/src/usr.sbin/ntpd/ntp.c +++ b/src/usr.sbin/ntpd/ntp.c @@ -121,10 +121,13 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf, ntp_dns(pipe_dns, nconf, pw); close(pipe_dns[1]); - if (stat(pw->pw_dir, &stb) == -1) - fatal("stat"); - if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0) - fatalx("bad privsep dir permissions"); + if (stat(pw->pw_dir, &stb) == -1) { + fatal("privsep dir %s could not be opened", pw->pw_dir); + } + if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0) { + fatalx("bad privsep dir %s permissions: %o", + pw->pw_dir, stb.st_mode); + } if (chroot(pw->pw_dir) == -1) fatal("chroot"); if (chdir("/") == -1) -- 1.9.1