[Bug 2556] New: on Linux non-root process can chroot

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Mar 19 11:01:38 AEDT 2016


https://bugzilla.mindrot.org/show_bug.cgi?id=2556

            Bug ID: 2556
           Summary: on Linux non-root process can chroot
           Product: Portable OpenSSH
           Version: 7.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: minor
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: igor at mir2.org

Currently sshd exits with a fatal error if it sees the ChrootDirectory option
when running as non-root:
https://github.com/openssh/openssh-portable/blob/c38905ba391434834da86abfc988a2b8b9b62477/session.c#L1591

This is wrong on Linux, as there a non-root process can perform chroot as
long as it has the SYS_CHROOT effective capability. So the code should
either query the capability, or the check should be removed, as sshd
treats any chroot syscall errors as fatal in any case.
