[Bug 1575] New: OpenSSH 5.2p1 failure using ChrootDirectory option on AIX

[bugzilla-daemon at bugzilla.mindrot.org]

https://bugzilla.mindrot.org/show_bug.cgi?id=1575

           Summary: OpenSSH 5.2p1 failure using ChrootDirectory option on
                    AIX
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: PPC
        OS/Version: AIX
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: cartmanltd at hotmail.com
                CC: cartmanltd at hotmail.com


I have been experimenting with the ChrootDirectory feature on OpenSSH
5.2p1 running on AIX 5.3, but have encountered repeated failures
chroot("/restrict/home"): Operation not permitted.

Debugging the sshd process, it is the "chroot()" subroutine failing
with error EPERM "Operation not permitted" because the process no
longer has root user authority. Under AIX, the manual pages for the
"chroot()" subroutine say "The calling process must have root user
authority in order to change the effective root directory."

I believe the problematic code is located in the "session.c" module
within function "do_setusercontext()". In this function, the
"setpcred()" subroutine is called to change the user/group privileges
from the root user to that of the ssh user. This is later followed by
"safely_chroot()" (which invokes "chroot()"). Unfortunately the order
of these calls wont work for non-root users on AIX. To make it work,
the "safely_chroot()" must be called before "setprcred()".

Solaris has a similar restriction for "chroot()", viz: "The
{PRIV_PROC_CHROOT} privilege is not asserted in the effective set of
the calling process."

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.