diff --git a/openssh-5.2p1-homechroot.patch b/openssh-5.2p1-homechroot.patch
index 4bc4793..6b3a7a3 100644
--- a/openssh-5.2p1-homechroot.patch
+++ b/openssh-5.2p1-homechroot.patch
@@ -1,6 +1,6 @@
 diff -up /dev/null openssh-5.2p1/chrootenv.h
---- /dev/null	2009-07-23 14:57:23.604046842 +0200
-+++ openssh-5.2p1/chrootenv.h	2009-07-24 07:11:29.000000000 +0200
+--- /dev/null	2009-08-19 20:21:50.796466837 +0200
++++ openssh-5.2p1/chrootenv.h	2009-08-19 23:22:15.000000000 +0200
 @@ -0,0 +1,32 @@
 +/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */
 +
@@ -35,8 +35,8 @@ diff -up /dev/null openssh-5.2p1/chrootenv.h
 +#endif
 +
 diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
---- openssh-5.2p1/session.c.homechroot	2009-07-24 07:11:22.000000000 +0200
-+++ openssh-5.2p1/session.c	2009-07-24 07:33:14.000000000 +0200
+--- openssh-5.2p1/session.c.homechroot	2009-08-19 23:22:14.000000000 +0200
++++ openssh-5.2p1/session.c	2009-08-19 23:22:15.000000000 +0200
 @@ -119,6 +119,8 @@ void	do_child(Session *, const char *);
  void	do_motd(void);
  int	check_quietlogin(Session *, const char *);
@@ -58,7 +58,69 @@ diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
  #ifdef SSH_AUDIT_EVENTS
  	if (command != NULL)
  		PRIVSEP(audit_run_command(command));
-@@ -1408,6 +1415,7 @@ safely_chroot(const char *path, uid_t ui
+@@ -1399,6 +1406,61 @@ do_nologin(struct passwd *pw)
+ }
+ 
+ /*
++ * Test if filesystem is mounted nosuid and nodev
++ */
++
++static void
++test_nosuid (dev_t fs)
++{
++	FILE *f;
++	struct stat st;
++	char buf[4096], *s, *on, *mountpoint, *opt;
++	int nodev, nosuid;
++
++	if (!(f = popen ("/bin/mount", "r")))
++		fatal ("%s: popen(\"/bin/mount\", \"r\"): %s",
++		    __func__, strerror (errno));
++	for (;;) {
++		s = fgets (buf, sizeof (buf), f);
++		if (ferror (f))
++			fatal ("%s: read from popen: %s", __func__,
++			    strerror (errno));
++		if (!s) {
++			pclose (f);
++			fatal ("cannot found filesystem with the chroot directory");
++		}
++		(void) strtok (buf, " ");
++		on = strtok (NULL, " ");
++		if (strcmp (on, "on")) {
++			pclose (f);
++			fatal ("bad format of mount output");
++		}
++		mountpoint = strtok (NULL, " ");
++		if (stat(mountpoint, &st) != 0) {
++			pclose (f);
++			fatal("%s: stat(\"%s\"): %s", __func__,
++			    mountpoint, strerror(errno));
++		}
++		if (fs != st.st_dev)
++			continue;
++		nodev = nosuid = 0;
++		for (opt = strtok (NULL, "("); opt; opt = strtok (NULL, " ,)")) {
++			if (!strcmp (opt, "nodev"))
++				nodev = 1;
++			else if (!strcmp (opt, "nosuid"))
++				nosuid = 1;
++			else if (!strcmp (opt, "noexec"))
++				nosuid = 1;
++			if (nodev && nosuid) {
++				pclose (f);
++				return;
++			}
++		}
++		fatal ("chroot into directory without nodev or nosuid");
++	}	
++}
++
++/*
+  * Chroot into a directory after checking it for safety: all path components
+  * must be root-owned directories with strict permissions.
+  */
+@@ -1408,6 +1470,7 @@ safely_chroot(const char *path, uid_t ui
  	const char *cp;
  	char component[MAXPATHLEN];
  	struct stat st;
@@ -66,7 +128,7 @@ diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
  
  	if (*path != '/')
  		fatal("chroot path does not begin at root");
-@@ -1419,7 +1427,7 @@ safely_chroot(const char *path, uid_t ui
+@@ -1419,7 +1482,7 @@ safely_chroot(const char *path, uid_t ui
  	 * root-owned directory with strict permissions.
  	 */
  	for (cp = path; cp != NULL;) {
@@ -75,7 +137,7 @@ diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
  			strlcpy(component, path, sizeof(component));
  		else {
  			cp++;
-@@ -1432,15 +1440,19 @@ safely_chroot(const char *path, uid_t ui
+@@ -1432,14 +1495,20 @@ safely_chroot(const char *path, uid_t ui
  		if (stat(component, &st) != 0)
  			fatal("%s: stat(\"%s\"): %s", __func__,
  			    component, strerror(errno));
@@ -87,30 +149,30 @@ diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
  		if (!S_ISDIR(st.st_mode))
  			fatal("chroot path %s\"%s\" is not a directory",
  			    cp == NULL ? "" : "component ", component);
--
- 	}
++	}
 +	setenv ("TZ", "/etc/localtime", 0);
 +	tzset ();
-+
-+	if (st.st_uid != uid)
+ 
++	if (st.st_uid) {
++		test_nosuid (st.st_dev);
 +		++chroot_no_tree;
+ 	}
  
  	if (chdir(path) == -1)
- 		fatal("Unable to chdir to chroot path \"%s\": "
-@@ -1451,6 +1463,10 @@ safely_chroot(const char *path, uid_t ui
+@@ -1451,6 +1520,10 @@ safely_chroot(const char *path, uid_t ui
  	if (chdir("/") == -1)
  		fatal("%s: chdir(/) after chroot: %s",
  		    __func__, strerror(errno));
 +
 +	if (access ("/etc/localtime", R_OK) < 0)
-+			++chroot_no_tree;
++		++chroot_no_tree;
 +
  	verbose("Changed root directory to \"%s\"", path);
  }
  
 diff -up openssh-5.2p1/sftp.c.homechroot openssh-5.2p1/sftp.c
 --- openssh-5.2p1/sftp.c.homechroot	2009-02-14 06:26:19.000000000 +0100
-+++ openssh-5.2p1/sftp.c	2009-07-24 07:11:29.000000000 +0200
++++ openssh-5.2p1/sftp.c	2009-08-19 23:22:15.000000000 +0200
 @@ -94,6 +94,8 @@ int remote_glob(struct sftp_conn *, cons
  
  extern char *__progname;
@@ -122,7 +184,7 @@ diff -up openssh-5.2p1/sftp.c.homechroot openssh-5.2p1/sftp.c
  
 diff -up openssh-5.2p1/sftp-common.c.homechroot openssh-5.2p1/sftp-common.c
 --- openssh-5.2p1/sftp-common.c.homechroot	2006-08-05 04:39:40.000000000 +0200
-+++ openssh-5.2p1/sftp-common.c	2009-07-24 07:11:29.000000000 +0200
++++ openssh-5.2p1/sftp-common.c	2009-08-19 23:22:15.000000000 +0200
 @@ -40,6 +40,7 @@
  #include "xmalloc.h"
  #include "buffer.h"
@@ -149,7 +211,7 @@ diff -up openssh-5.2p1/sftp-common.c.homechroot openssh-5.2p1/sftp-common.c
  		snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
 diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-main.c
 --- openssh-5.2p1/sftp-server-main.c.homechroot	2009-02-21 22:47:02.000000000 +0100
-+++ openssh-5.2p1/sftp-server-main.c	2009-07-24 07:11:29.000000000 +0200
++++ openssh-5.2p1/sftp-server-main.c	2009-08-19 23:22:15.000000000 +0200
 @@ -22,11 +22,14 @@
  #include <stdarg.h>
  #include <stdio.h>
@@ -165,3 +227,42 @@ diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-m
  void
  cleanup_exit(int i)
  {
+diff -up openssh-5.2p1/sshd_config.0.homechroot openssh-5.2p1/sshd_config.0
+--- openssh-5.2p1/sshd_config.0.homechroot	2009-08-19 23:22:14.000000000 +0200
++++ openssh-5.2p1/sshd_config.0	2009-08-19 23:31:26.000000000 +0200
+@@ -112,6 +112,14 @@ DESCRIPTION
+              essary if the in-process sftp server is used (see Subsystem for
+              details).
+ 
++             In the special case when only sftp is used, not ssh nor scp, it
++             is possible to use ChrootDirectory %h or ChrootDirectory
++             /some/path/%u. The file system containing this directory must be
++             mounted with options nodev and either nosuid or noexec. The owner
++             of the directory should be the user. The ownership of the other
++             components of the path must fulfill the usual conditions. No adi-
++             tional files are required to be present in the directory.
++
+              The default is not to chroot(2).
+ 
+      Ciphers
+diff -up openssh-5.2p1/sshd_config.5.homechroot openssh-5.2p1/sshd_config.5
+--- openssh-5.2p1/sshd_config.5.homechroot	2009-08-19 23:22:14.000000000 +0200
++++ openssh-5.2p1/sshd_config.5	2009-08-19 23:22:15.000000000 +0200
+@@ -219,6 +219,17 @@ in-process sftp server is used (see
+ .Cm Subsystem
+ for details).
+ .Pp
++In the special case when only sftp is used, not ssh nor scp,
++it is possible to use
++.Cm ChrootDirectory
++%h or
++.Cm ChrootDirectory
++/some/path/%u. The file system containing this directory must be
++mounted with options nodev and either nosuid or noexec. The owner of the 
++directory should be the user. The ownership of the other components of the path
++must fulfill the usual conditions. No aditional files are required to be present
++in the directory.
++.Pp
+ The default is not to
+ .Xr chroot 2 .
+ .It Cm Ciphers
diff --git a/openssh.spec b/openssh.spec
index 33478f2..05c200e 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -63,7 +63,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.2p1
-Release: 23%{?dist}%{?rescue_rel}
+Release: 24%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -468,6 +468,9 @@ fi
 %endif
 
 %changelog
+* Mon Sep  7 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-24
+- Add check for nosuid, nodev in homechroot
+
 * Tue Sep  1 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-23
 - add correct patch for ip-opts