[Bug 1567] New: Insufficient privileges to chroot() on AIX

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Mar 7 00:59:12 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1567

           Summary: Insufficient privileges to chroot() on AIX
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: major
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: bana at docisland.org


I need to use sftp-only accounts, chroot()ed in their home dirs, on AIX
5.3 with OpenSSH_5.2p1.
But there is a problem with the chroot() call.

In the do_setusercontext() function,  chroot() is called after the
setpcred() (only AIX is concerned by the setpcred() call), so
privileges are already dropped when chroot() is called.

When not calling setpcred(), the chroot() does not fail and the
privileges
are dropped anyway within the permanently_set_uid() call, just after
the
safely_chroot() call.

Is the setpcred() really usefull ?

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list