|
|
From c214bf6eca6de29239d00b4a9ce6528f82b25bec Mon Sep 17 00:00:00 2001
|
|
|
From: Brent Cook <busterb@gmail.com>
|
|
|
Date: Thu, 1 Jan 2015 13:06:38 -0600
|
|
|
Subject: [PATCH 01/13] be more verbose when logging privsep errors
|
|
|
|
|
|
Make it easy for a sysadmin to diagnose a privilege separation path
|
|
|
problem without looking at the source code.
|
|
|
---
|
|
|
src/usr.sbin/ntpd/ntp.c | 11 +++++++----
|
|
|
1 file changed, 7 insertions(+), 4 deletions(-)
|
|
|
|
|
|
diff --git a/src/usr.sbin/ntpd/ntp.c b/src/usr.sbin/ntpd/ntp.c
|
|
|
index 87b769b..625364a 100644
|
|
|
--- a/src/usr.sbin/ntpd/ntp.c
|
|
|
+++ b/src/usr.sbin/ntpd/ntp.c
|
|
|
@@ -121,10 +121,13 @@ ntp_main(int pipe_prnt[2], int fd_ctl, struct ntpd_conf *nconf,
|
|
|
ntp_dns(pipe_dns, nconf, pw);
|
|
|
close(pipe_dns[1]);
|
|
|
|
|
|
- if (stat(pw->pw_dir, &stb) == -1)
|
|
|
- fatal("stat");
|
|
|
- if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0)
|
|
|
- fatalx("bad privsep dir permissions");
|
|
|
+ if (stat(pw->pw_dir, &stb) == -1) {
|
|
|
+ fatal("privsep dir %s could not be opened", pw->pw_dir);
|
|
|
+ }
|
|
|
+ if (stb.st_uid != 0 || (stb.st_mode & (S_IWGRP|S_IWOTH)) != 0) {
|
|
|
+ fatalx("bad privsep dir %s permissions: %o",
|
|
|
+ pw->pw_dir, stb.st_mode);
|
|
|
+ }
|
|
|
if (chroot(pw->pw_dir) == -1)
|
|
|
fatal("chroot");
|
|
|
if (chdir("/") == -1)
|
|
|
--
|
|
|
1.9.1
|
|
|
|