From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Patrick Meyer <git@the-space.agency>
Date: Sat, 30 Apr 2022 10:58:10 +0000
Subject: [PATCH] Use unveil for privsep

---
 sshd.c | 28 +++-------------------------
 1 file changed, 3 insertions(+), 25 deletions(-)

diff --git a/sshd.c b/sshd.c
index 0ee65b5..e2f84de 100644
--- a/sshd.c
+++ b/sshd.c
@@ -452,12 +452,9 @@ privsep_preauth_child(void)
 
 	/* Demote the child */
 	if (privsep_chroot) {
-		/* Change our root directory */
-		if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
-			fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
-			    strerror(errno));
-		if (chdir("/") == -1)
-			fatal("chdir(\"/\"): %s", strerror(errno));
+		/* Hide the whole filesystem */
+		if (unveil(NULL, NULL) < 0)
+			fatal("unveil(NULL, NULL): %s", strerror(errno));
 
 		/* Drop our privileges */
 		debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
@@ -1952,25 +1949,6 @@ main(int ac, char **av)
 		    sshkey_type(key));
 	}
 
-	if (privsep_chroot) {
-		struct stat st;
-
-		if ((stat(_PATH_PRIVSEP_CHROOT_DIR, &st) == -1) ||
-		    (S_ISDIR(st.st_mode) == 0))
-			fatal("Missing privilege separation directory: %s",
-			    _PATH_PRIVSEP_CHROOT_DIR);
-
-#ifdef HAVE_CYGWIN
-		if (check_ntsec(_PATH_PRIVSEP_CHROOT_DIR) &&
-		    (st.st_uid != getuid () ||
-		    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
-#else
-		if (st.st_uid != 0 || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)
-#endif
-			fatal("%s must be owned by root and not group or "
-			    "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-	}
-
 	if (test_flag > 1) {
 		/*
 		 * If no connection info was provided by -C then use