[Bug 3048] ssh reads from the wrong directory in user namespace

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Thu Aug 1 08:48:13 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3048

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
It uses the directory returned by the system's getpwnam(3) for the real
userid of the ssh process.  Thus, if you are running it as root then it
always looks in root's home directory.

https://github.com/openssh/openssh-portable/blob/master/ssh.c#L545

It's behaved like this for a long time.  I suspect its original intent
was to prevent $HOME games in the case where the ssh binary was setuid,
which was supported (although very infrequently actually used that way)
up until recently.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list