[Bug 3428] New: chroot root 755] I wish there was an option to lower the chroot security. CVE-2009-2904
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Apr 29 20:59:41 AEST 2022
https://bugzilla.mindrot.org/show_bug.cgi?id=3428
Bug ID: 3428
Summary: chroot root 755] I wish there was an option to lower
the chroot security. CVE-2009-2904
Product: Portable OpenSSH
Version: 8.9p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: sftp-server
Assignee: unassigned-bugs at mindrot.org
Reporter: shj at xenosi.de
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2904
https://github.com/openssh/openssh-portable/blob/master/session.c#L1336
The directory to be chrooted must be root 755.
It is inconvenient as it is forced without a way to solve it as an
option.
The CVE content says that you can do something with a combination of
hardlink and setuid,
Isn't this a problem related to openssh that occurs when another
account executes?
I would like to take this vulnerability and make it impossible to
detect the existence of other accounts when logged in.
Please make it an option.
thank you.
if(!options->unsecure_chroot_directory) {
if (st.st_uid != 0 || (st.st_mode & 022) != 0)
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list