[Bug 3715] safely_chroot is a little too restrictive: noexec or nosuid should be enough
bugzilla-daemon at mindrot.org
Tue Aug 27 09:57:48 AEST 2024
https://bugzilla.mindrot.org/show_bug.cgi?id=3715
--- Comment #10 from Joshua Hudson <joshudson at gmail.com> ---
On plotting an alternative pathway I discovered two very interesting
things.

1) sftp-server isn't very happy without an /etc/passwd; but
internal-sftp is fine with it.

2) When linking against musl libc, this chroot-ssh patch is definitely
safe so long as /proc isn't mounted in the chroot jail (which I have no
intention of doing). The number of things in musl libc that care about
late /etc or /usr/share access is so small that I can manually audit all
of them (result: all unreachable after chroot() is called).
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.