[Bug 1599] New: "ForceCommand internal-sftp" not working as expected

bugzilla-daemon at bugzilla.mindrot.org
Tue May 19 06:41:14 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1599

           Summary: "ForceCommand internal-sftp" not working as expected
           Product: Portable OpenSSH
           Version: 5.2p1
          Platform: ix86
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: sshd
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: openssh-bugs at wulf.eu.org


Hello,
I tried setting up sshd for chrooted login and sftp-only access. My
/etc/ssh/sshd_config contains (among other stuff):

Subsystem sftp /usr/lib/openssh/sftp-server
Match User foo
        ChrootDirectory /srv/foo
        ForceCommand internal-sftp

The "Subsystem" option is set by default on Debian systems.
The manual page says for "ForceCommand": Specifying a command of
“internal-sftp” will force the use of an in-process sftp server that
requires no support files when used with ChrootDirectory.

When I connect with sftp, sftp requests the subsystem 'sftp'. The
output from sshd is:

subsystem request for sftp
subsystem: cannot stat /usr/lib/openssh/sftp-server: No such file or directory
subsystem request for sftp failed, subsystem not found
Connection closed by 127.0.0.1

Setting "Subsystem sftp internal-sftp" works around the problem, but
that option is not allowed inside a Match block.

If the stat() call in session_subsystem_req succeeds, is_subsystem is
set to SUBSYSTEM_EXT; then do_exec is called, which overrides this and
sets is_subsystem = SUBSYSTEM_INT_SFTP.

I believe that calling stat() on the external program and then calling
the internal sftp handler is not intended behaviour.

Regards
Jörn Heissler
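
Added example (not part of the original report, and not OpenSSH code): a Python check that scans an sshd_config for the combination described above, a global "Subsystem sftp" pointing at an external binary together with a Match block that sets ChrootDirectory and "ForceCommand internal-sftp". The function names and the sample text are constructed for illustration, and the check assumes the Subsystem path is looked up inside the chroot, as the quoted sshd output suggests.

```python
import os
import shlex

# Constructed sample mirroring the configuration quoted in the report.
SAMPLE_CONFIG = """\
Subsystem sftp /usr/lib/openssh/sftp-server
Match User foo
        ChrootDirectory /srv/foo
        ForceCommand internal-sftp
"""

def parse_sshd_config(text):
    """Return (global_options, [(match_criteria, options), ...])."""
    global_opts, blocks, current = {}, [], None
    for raw in text.splitlines():
        words = shlex.split(raw, comments=True)
        if not words:
            continue
        key, args = words[0].lower(), words[1:]   # keywords are case-insensitive
        if key == "match":
            current = {}
            blocks.append((" ".join(args), current))
            continue
        target = global_opts if current is None else current
        if key == "subsystem" and args:
            key, args = "subsystem:" + args[0], args[1:]
        target.setdefault(key, " ".join(args))    # first value seen is kept
    return global_opts, blocks

def find_affected_blocks(text, exists=os.path.exists):
    """List (criteria, path) for Match blocks that hit the reported behaviour."""
    global_opts, blocks = parse_sshd_config(text)
    sftp_cmd = global_opts.get("subsystem:sftp", "")
    if not sftp_cmd.startswith("/"):   # internal-sftp or unset: no path to stat
        return []
    binary = sftp_cmd.split()[0]
    findings = []
    for criteria, opts in blocks:
        chroot = opts.get("chrootdirectory", "none")
        forced = opts.get("forcecommand", "").split()[:1]
        if forced != ["internal-sftp"] or chroot == "none":
            continue
        # Assumption: the Subsystem binary is checked after entering the
        # chroot, so it must exist below ChrootDirectory. %-tokens in
        # ChrootDirectory are not expanded here and are always reported.
        inside = os.path.join(chroot, binary.lstrip("/"))
        if "%" in chroot or not exists(inside):
            findings.append((criteria, inside))
    return findings
```

Calling find_affected_blocks() on the contents of /etc/ssh/sshd_config returns the Match criteria and the path that would have to exist inside each chroot; an empty list means no block matches this pattern.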
