[Bug 1616] New: root owned empty subdirs are deletable by chroot users
bugzilla-daemon at bugzilla.mindrot.org
Wed Jul 1 06:46:07 EST 2009
https://bugzilla.mindrot.org/show_bug.cgi?id=1616
Summary: root owned empty subdirs are deletable by chroot users
Product: Portable OpenSSH
Version: 5.2p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: sftp-server
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: giulius at gmail.com
Successfully created a chroot sftp user and his structure:
nomad:~# grep prova /etc/passwd
prova:x:1000:107:,,,:/:/bin/false
nomad:~# grep ftponly /etc/group
sftponly:x:107:
nomad:~# less /usr/local/test_openssh/etc/sshd_config
...
Subsystem sftp internal-sftp
Match User prova
ForceCommand internal-sftp
ChrootDirectory /siuvar/chroots/prova/
AllowTcpForwarding no
X11Forwarding no
...
I already know it is not possible for the user prova to write directly
into the chroot dir "prova" :-( in which I've created a subdir "www":
drwxr-xr-x 9 root root 4096 2009-06-30 22:31 .
drwxr-xr-x 3 root root 4096 2009-06-30 21:34 ..
drwxr-xr-x 2 prova sftponly 4096 2009-06-30 22:07 www
The bug: it is always possible for the prova user, via the FileZilla client, to
delete any "www" subdir if it is empty and owned by users other than prova.
If the subdir contains root files (or files owned by users other than
prova) the subdir is not deletable.
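
Added example (not part of the bug report and not OpenSSH code): a small Python model of the standard POSIX rules for removing directory entries, for predicting which entries under a chroot a given user can remove. The tree is constructed; uid 1000 and gid 107 come from the report, while the names `empty`, `full` and `index.html` are hypothetical.

```python
import stat
from dataclasses import dataclass, field

@dataclass
class Entry:
    uid: int
    gid: int
    mode: int                                     # permission bits, e.g. 0o755
    children: dict = field(default_factory=dict)  # name -> Entry (directories)
    is_dir: bool = True

def has_perm(e, uid, gids, want):
    """True if (uid, gids) holds every bit of `want` (rwx mask) on entry e."""
    if uid == 0:
        return True                    # root bypasses permission checks
    if uid == e.uid:
        bits = (e.mode >> 6) & 7       # owner class
    elif e.gid in gids:
        bits = (e.mode >> 3) & 7       # group class
    else:
        bits = e.mode & 7              # other class
    return bits & want == want

def can_remove(parent, name, uid, gids):
    """Can uid remove parent/name, emptying it first if it is a non-empty dir?"""
    child = parent.children[name]
    # unlink/rmdir need write+search on the PARENT; the child's owner is not checked
    if not has_perm(parent, uid, gids, 0o3):
        return False
    # sticky parent: only the owner of the entry or of the parent (or root)
    if parent.mode & stat.S_ISVTX and uid not in (0, child.uid, parent.uid):
        return False
    # a non-empty directory must be emptied first, which needs rights on the child
    if child.is_dir and child.children:
        return all(can_remove(child, n, uid, gids) for n in child.children)
    return True

def sample_www(mode=0o755, owner=1000):
    """Constructed 'www' directory holding root-owned 'empty' and 'full' subdirs."""
    full = Entry(0, 0, 0o755, {"index.html": Entry(0, 0, 0o644, is_dir=False)})
    return Entry(owner, 107, mode, {"empty": Entry(0, 0, 0o755), "full": full})

if __name__ == "__main__":
    www = sample_www()
    for name in www.children:
        print(name, "removable by uid 1000:", can_remove(www, name, 1000, {107}))
```

Calling `sample_www(0o1775, owner=0)` models a root-owned, group-writable parent with the sticky bit set, in which the same user can still create entries but cannot remove ones owned by root.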