File openssh-4.7p1-sftp-server.dif of Package openssh

--- sftp-server.c	2007-05-20 06:09:05.000000000 +0100
+++ sftp-server.c	2008-03-01 03:35:04.000000000 +0000
@@ -13,6 +13,13 @@
  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ *
+ ************************************************************************
+ * This version modified 05/09/07 by Minstrel <Minstrel@minstrel.org.uk>
+ * to provide chroot'd SFTP (see http://www.minstrel.org.uk/papers/sftp/)
+ *
+ * Search for 'Minstrel' in this file to find modifications
+ ************************************************************************
  */
 
 #include "includes.h"
@@ -45,6 +52,10 @@
 #include "sftp.h"
 #include "sftp-common.h"
 
+/* Following single line added by Minstrel */
+
+#define CHROOT
+
 /* helper */
 #define get_int64()			buffer_get_int64(&iqueue);
 #define get_int()			buffer_get_int(&iqueue);
@@ -1207,6 +1218,39 @@
 	exit(1);
 }
 
+/* Start additions by Minstrel */
+
+#ifdef CHROOT
+void
+chroot_init(void)
+{
+       char *user_dir, *new_root;
+
+       user_dir = getenv("HOME");
+       if (!user_dir)
+               fatal("HOME isn't in environment");
+
+       new_root = user_dir + 1;
+
+       while ((new_root = strchr(new_root, '.')) != NULL) {
+               new_root--;
+               if (strncmp(new_root, "/./", 3) == 0) {
+                       *new_root = '\0';
+                       new_root += 2;
+
+                       if (chroot(user_dir) != 0)
+                               fatal("Couldn't chroot to user directory %s: %s", user_dir, strerror(errno));
+
+                       setenv("HOME", new_root, 1);
+                       break;
+               }
+               new_root += 2;
+       }
+}
+#endif /* CHROOT */
+
+/* End additions by Minstrel */
+
 int
 main(int argc, char **argv)
 {
@@ -1273,6 +1317,16 @@
 
 	handle_init();
 
+/* Start additions by Minstrel */
+
+#ifdef CHROOT
+       chroot_init();
+#endif
+	if (setuid(getuid()) != 0 || setgid(getgid()) != 0)
+		fatal("Couldn't drop privileges: %s", strerror(errno));
+
+/* End additions by Minstrel */
+
 	in = dup(STDIN_FILENO);
 	out = dup(STDOUT_FILENO);