From: Roy Marples <roy@marples.name>
Date: Mon, 30 Mar 2020 16:12:26 +0000 (+0100)
Subject: privsep: Refuse chroot if privsep users home dir is /var/empty
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5ac1a5cd6fe054c5ece0de679d5294cfca797772;p=thirdparty%2Fdhcpcd.git

privsep: Refuse chroot if privsep users home dir is /var/empty

As we should not be filling it.
This means we don't mess up a stock install where the pkg admin
hasn't setup privsep correctly.
---

diff --git a/src/privsep.c b/src/privsep.c
index 99a507e7..be4dc34e 100644
--- a/src/privsep.c
+++ b/src/privsep.c
@@ -113,6 +113,13 @@ ps_init(struct dhcpcd_ctx *ctx)
 		return -1;
 	}
 
+	/* If we pickup the _dhcp user refuse the default directory */
+	if (strcmp(pw->pw_dir, "/var/empty") == 0) {
+		logerrx("refusing chroot: %s: %s", PRIVSEP_USER, pw->pw_dir);
+		errno = 0;
+		return -1;
+	}
+
 	/* Create the database directory. */
 	if (snprintf(path, sizeof(path), "%s%s", pw->pw_dir, DBDIR) == -1 ||
 	    ps_mkdir(path) == -1 ||