chroot to pw_dir instead of the hard-coded /var/empty. Also make the

chroot+chdir step look more like in the other privsep daemons. OK tedu@
2025-01-10 06:47:55 -08:00 · 2015-11-01 13:59:44 +00:00 · 2015-11-01 13:59:44 +00:00 · 1835fe0e2d
commit 1835fe0e2d
parent ad9ee0ddab
1 changed files with 4 additions and 2 deletions
--- a/usr.sbin/rebound/rebound.c
+++ b/usr.sbin/rebound/rebound.c
@ -1,4 +1,4 @@
-/* $OpenBSD: rebound.c,v 1.40 2015/10/30 15:44:12 tedu Exp $ */
+/* $OpenBSD: rebound.c,v 1.41 2015/11/01 13:59:44 reyk Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 *
@ -440,8 +440,10 @@ launch(const char *confname, int ud, int ld, int kq)
 	if (!(pwd = getpwnam("_rebound")))
 		logerr("getpwnam failed");

-	if (chroot("/var/empty") || chdir("/"))
+	if (chroot(pwd->pw_dir) == -1)
 		logerr("chroot failed (%d)", errno);
+	if (chdir("/") == -1)
+		logerr("chdir failed (%d)", errno);

 	setproctitle("worker");
 	EV_SET(&kev[0], parent, EVFILT_PROC, EV_ADD, NOTE_EXIT, 0, NULL);