From: Roy Marples Date: Tue, 5 May 2020 16:55:10 +0000 (+0100) Subject: privsep: Allow a blank string to force privsep users home directory X-Git-Tag: v9.1.0~91 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5a3fd90a17d8c0cda02dd4ca590f29acf5912d83;p=thirdparty%2Fdhcpcd.git privsep: Allow a blank string to force privsep users home directory So FreeBSD users can set it like other OS's if they so choose.
---
diff --git a/Makefile.inc b/Makefile.inc
index 6775f7f0..19208808 100644
--- a/Makefile.inc
+++ b/Makefile.inc
@@ -33,5 +33,6 @@ SED_STATUSARG= -e 's:@STATUSARG@:${STATUSARG}:g'
 SED_SCRIPT= -e 's:@SCRIPT@:${SCRIPT}:g'
 SED_SYS= -e 's:@SYSCONFDIR@:${SYSCONFDIR}:g'
 SED_DEFAULT_HOSTNAME= -e 's:@DEFAULT_HOSTNAME@:${DEFAULT_HOSTNAME}:g'
-SED_CHROOT?= -e 's:@CHDIR^@::g' -e 's:@CHDIR$$@::g' -e '/@CHDIR@/d'
+SED_CHROOT?= -e 's:@CHDIR^@::g' -e 's:@CHDIR$$@::g' \
+ -e '/@CHDIR1@/d' -e '/@CHDIR2@/d'
 SED_PRIVSEP_USER= -e 's:@PRIVSEP_USER@:${PRIVSEP_USER}:g'
diff --git a/configure b/configure
index 58fcd808..ebf104c4 100755
--- a/configure
+++ b/configure
@@ -583,7 +583,11 @@ if [ "$PRIVSEP" = yes ]; then
 echo "PRIVSEP_USER?= $PRIVSEP_USER" >>$CONFIG_MK
 if [ -n "$PRIVSEP_CHROOT" ]; then
 echo "PRIVSEP_CHROOT= $PRIVSEP_CHROOT" >>$CONFIG_MK
- echo "SED_CHROOT= -e 's:@CHDIR^@.*@CHDIR\$\$@:default of:g' -e 's:@CHDIR@:.Pa \${PRIVSEP_CHROOT} .:g'" >>$CONFIG_MK
+ cat <>$CONFIG_MK
+SED_CHROOT= -e 's:@CHDIR^@.*@CHDIR\$\$@:default of:g' \\
+ -e 's:@CHDIR1@:.Pa \${PRIVSEP_CHROOT} .:g' \\
+ -e 's:@CHDIR2@:A blank string chroots to the privileged separation users home directory.:g'
+EOF
 fi
 echo "#ifndef PRIVSEP_USER" >>$CONFIG_H
 echo "#define PRIVSEP_USER \"$PRIVSEP_USER\"" >>$CONFIG_H
diff --git a/src/dhcpcd.8.in b/src/dhcpcd.8.in
index 83d090f5..4188d6be 100644
--- a/src/dhcpcd.8.in
+++ b/src/dhcpcd.8.in
@@ -269,7 +269,8 @@ to the
 .Ar chroot
 directory rather than the
 @CHDIR^@privilege separation users home directory.@CHDIR$@
-@CHDIR@
+@CHDIR1@
+@CHDIR2@
 The privilege separation user is @PRIVSEP_USER@.
 .It Fl D , Fl Fl duid
 Use a DHCP Unique Identifier.
diff --git a/src/dhcpcd.c b/src/dhcpcd.c
index 71ae45ac..060f2e93 100644
--- a/src/dhcpcd.c
+++ b/src/dhcpcd.c
@@ -1896,7 +1896,15 @@ main(int argc, char **argv)
 break;
 #ifdef PRIVSEP
 case O_CHROOT:
-ctx.ps_chroot = optarg;
+#ifdef PRIVSEP_CHROOT
+ if (*optarg == '\0' ||
+ (((optarg[0] == '"' && optarg[1] == '"') ||
+ (optarg[0] == '\'' && optarg[1] == '\'')) &&
+ optarg[2] == '\0'))
+ ctx.ps_chroot = NULL;
+ else
+#endif
+ ctx.ps_chroot = optarg;
 break;
 #endif
 case '?':
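Review bot: On builds without PRIVSEP_CHROOT the O_CHROOT case still stores a blank argument verbatim in `ctx.ps_chroot`, so the same blank chroot setting selects the privsep user's home directory on one build and an empty path on another. How an empty path is treated later is not visible in this hunk. Since NULL appears to be what selects the home directory, the blank and quoted-blank test could be made unconditional by dropping the `#ifdef PRIVSEP_CHROOT` / `#endif` pair, which also removes the `else` that currently dangles across `#endif`. If the guard has to stay, brace both branches and add a comment such as `/* blank, "" or '' selects the privsep user's home directory */` so the literal-quote comparison is not mistaken for dead code. main()'s body begins and ends outside the hunk.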