[Bug 3715] safely_chroot is a little too restrictive: noexec or nosuid should be enough

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Jul 31 10:20:03 AEST 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3715

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dtucker at dtucker.net

--- Comment #3 from Darren Tucker <dtucker at dtucker.net> ---
(In reply to Joshua Hudson from comment #2)
> Why is nodev (to be) required? It's not like an external filesystem;
> the user can't *make* devices.

No, but they *can* create new hardlinks to existing devices on the same
filesystem (this example is OpenBSD, but I'd expect the same on most
systems where /dev is not a separate mount point):

$ id
uid=1000(builder) gid=1000(builder) groups=1000(builder)
$ mount 
/dev/sd0a on / type ffs (local, wxallowed)
$ ln /dev/null ~/null
$ ls -ld . ~/null
drwxr-xr-x  3 builder  builder       512 Jul 31 10:12 .
crw-rw-rw-  2 root     wheel      2,   2 Jul 31 10:10
/home/builder/null
$ echo foo >~/null
$

(In reply to Joshua Hudson from comment #2)
> It may have been; but I jumped back a few versions and found the
> original state was don't check permissions on the chroot directory.

Depending on how far back you went, but in the realm of "decade old"
you may have been reintroducing CVE-2009-2904
(https://bugzilla.redhat.com/show_bug.cgi?id=522141).

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.


More information about the openssh-bugs mailing list