From 5a8e64ee60dcf761a571e9dcd6936f487eb22bad Mon Sep 17 00:00:00 2001
From: Luoqi Chen
Date: Fri, 29 Sep 2006 04:41:37 +0000
Subject: [PATCH] Do not chdir(2) until after setuid(2), otherwise "su - username" would fail when root doesn't have the permission to enter target user's home directory. If set, PAM environment variable HOME will be used in chdir(2) instead of pwd->pw_dir, this allows pam_chroot module to continue to function.
---
 usr.bin/su/su.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/usr.bin/su/su.c b/usr.bin/su/su.c
index 937c51420e5b..76f76b61e64d 100644
--- a/usr.bin/su/su.c
+++ b/usr.bin/su/su.c
@@ -403,12 +403,6 @@ main(int argc, char *argv[])
 }
 setpriority(PRIO_PROCESS, 0, prio);
 
- /* Switch to home directory */
- if (asthem) {
- if (chdir(pwd->pw_dir) < 0)
- errx(1, "no directory");
- }
-
 /*
 * PAM modules might add supplementary groups in pam_setcred(), so
 * initialize them first.
@@ -540,6 +534,10 @@ main(int argc, char *argv[])
 LOGIN_SETENV);
 if (p)
 setenv("TERM", p, 1);
+
+ p = pam_getenv(pamh, "HOME");
+ if (chdir(p ? p : pwd->pw_dir) < 0)
+ errx(1, "no directory");
 }
 }
 login_close(lc);
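Review bot: The added `chdir` in the second hunk falls back to `pwd->pw_dir` only when `pam_getenv(pamh, "HOME")` returns NULL, so an empty `HOME` set by a PAM module would make `chdir("")` fail and abort the login even though the passwd directory is usable; `if (chdir(p != NULL && *p != '\0' ? p : pwd->pw_dir) < 0)` covers that case. The removed `/* Switch to home directory */` comment was not carried over, and the new position is order-sensitive according to the commit message, so a comment such as `/* chdir as the target user; prefer PAM's HOME so pam_chroot keeps working */` above the `pam_getenv` call would keep a later cleanup from moving it back before the credential switch. `errx(1, "no directory")` also reports neither the path nor errno, which makes a PAM-supplied directory hard to tell apart from the passwd one when it fails; `err(1, "%s", dir)` with the chosen path in a local would fix that. The old call was guarded by `if (asthem)`, while the blocks enclosing the new call open outside the hunk, so it is worth confirming the guard still applies there.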